Repos-que-me-gustan/devops-exercises
1
0
Fork 0
Code Pull Requests Activity

Add Terraform and AWS exercises

Browse Source 
In addition to multiple new questions.
This commit is contained in:
abregman 2022-07-22 00:18:48 +03:00
parent 842120d428
commit 641f41aa96
8 changed files with 579 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -2,7 +2,7 @@
:information_source:  This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE
:bar_chart:  There are currently **2371** exercises and questions
:bar_chart:  There are currently **2376** exercises and questions
:books:  To learn more about DevOps and SRE, check the resources in [devops-resources](https://github.com/bregman-arie/devops-resources) repository

337
exercises/aws/README.md
View File

@ -1,168 +1,160 @@
# AWS
## AWS Exercises
**Note**: Provided solutions are using the AWS console. It's recommended you'll use IaC technologies to solve the exercises (e.g. Terraform, Pulumi).<br>
**2nd Note**: Some of the exercises cost money and can't be performed using the free tier/resources
* [AWS IAM](#exercises-aws-iam)
* [AWS EC2](#exercises-aws-ec2)
* [AWS ELB](#exercises-aws-elb)
* [AWS Auto Scaling Groups](#exercises-aws-asg)
* [AWS VPC](#exercises-aws-vpc)
* [AWS Databases](#exercises-aws-databases)
* [AWS DNS](#exercises-aws-dns)
* [AWS Containers](#exercises-aws-containers)
* [AWS Lambda](#exercises-aws-rambda)
* [AWS Elastic Beanstalk](#exercises-aws-elastic-beanstalk)
* [AWS Misc](#exercises-aws-misc)
## AWS Questions
* [AWS Global Infrastructure](#questions-aws-global-infra)
* [AWS IAM](#questions-aws-iam)
* [AWS EC2](#questions-aws-ec2)
* [AMI](#questions-aws-ec2-ami)
* [EBS](#questions-aws-ec2-ebs)
* [Instance Store](#questions-aws-ec2-instance-store)
* [EFS](#questions-aws-ec2-efs)
* [Pricing Models](#questions-aws-ec2-pricing-models)
* [Launch Templates](#questions-aws-ec2-launch-templates)
* [ENI](#questions-aws-ec2-eni)
* [Placement Groups](#questions-aws-ec2-placement-groups)
* [AWS Containers](#questions-aws-containers)
* [AWS ECS](#questions-aws-containers-ecs)
* [AWS Fargate](#questions-aws-containers-fargate)
* [AWS S3](#questions-aws-s3)
* [AWS Disaster Recovery](#questions-aws-disaster-recovery)
* [AWS ELB](#questions-aws-elb)
* [AWS Auto Scaling Group](#questions-aws-asg)
* [AWS Security](#questions-aws-security)
* [AWS Databases](#questions-aws-db)
* [AWS RDS](#questions-aws-db-rds)
* [AWS Aurora](#questions-aws-db-aurora)
* [AWS DynamoDB](#questions-aws-db-dynamodb)
* [AWS ElastiCache](#questions-aws-db-elasticache)
* [AWS RedShift](#questions-aws-db-redshift)
* [AWS VPC](#questions-vpc)
* [AWS DNS](#questions-aws-dns)
* [AWS Monitoring and Logging](#questions-aws-monitoring-logging)
* [AWS Billing and Support](#questions-aws-billing-support)
* [AWS Automation](#questions-aws-automation)
* [AWS Misc](#questions-aws-misc)
* [AWS HA](#questions-aws-ha)
* [AWS Production Operations and Migrations](#questions-aws-migrations)
* [AWS Scenarios](#questions-aws-scenarios)
* [AWS Architecture Design](#questions-aws-architecture-design)
- [AWS](#aws)
- [Exercises](#exercises)
- [IAM](#iam)
- [EC2](#ec2)
- [ELB](#elb)
- [Auto Scaling Groups](#auto-scaling-groups)
- [VPC](#vpc)
- [Databases](#databases)
- [DNS](#dns)
- [Containers](#containers)
- [Lambda](#lambda)
- [Elastic Beanstalk](#elastic-beanstalk)
- [Misc](#misc)
- [Questions](#questions)
- [Global Infrastructure](#global-infrastructure)
- [IAM](#iam-1)
- [EC2](#ec2-1)
- [AMI](#ami)
- [EBS](#ebs)
- [Instance Store](#instance-store)
- [EFS](#efs)
- [Pricing Models](#pricing-models)
- [Launch Template](#launch-template)
- [ENI](#eni)
- [Placement Groups](#placement-groups)
- [Lambda](#lambda-1)
- [Containers](#containers-1)
- [ECS](#ecs)
- [Fargate](#fargate)
- [S3](#s3)
- [Basics](#basics)
- [Buckets](#buckets)
- [Security](#security)
- [Disaster Recovery](#disaster-recovery)
- [CloudFront](#cloudfront)
- [ELB](#elb-1)
- [Auto Scaling Group](#auto-scaling-group)
- [Security](#security-1)
- [Databases](#databases-1)
- [RDS](#rds)
- [Aurora](#aurora)
- [DynamoDB](#dynamodb)
- [ElastiCache](#elasticache)
- [RedShift](#redshift)
- [VPC](#vpc-1)
- [Identify the Service](#identify-the-service)
- [DNS (Route 53)](#dns-route-53)
- [Monitoring and Logging](#monitoring-and-logging)
- [Billing and Support](#billing-and-support)
- [Automation](#automation)
- [Misc](#misc-1)
- [High Availability](#high-availability)
- [Production Operations and Migrations](#production-operations-and-migrations)
- [Scenarios](#scenarios)
- [Architecture Design](#architecture-design)
## Exercises
<a name="exercises-aws-iam"></a>
### IAM
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Create a User | IAM | [Exercise](create_user.md) | [Solution](solutions/create_user.md) | Easy |
| Password Policy | IAM | [Exercise](password_policy_and_mfa.md) | [Solution](solutions/password_policy_and_mfa.md) | Easy |
| Create a role | IAM | [Exercise](create_role.md) | [Solution](solutions/create_role.md) | Easy |
| Credential Report | IAM | [Exercise](credential_report.md) | [Solution](solutions/credential_report.md) | Easy |
| Access Advisor | IAM | [Exercise](access_advisor.md) | [Solution](solutions/access_advisor.md) | Easy |
| Create a User | IAM | [Exercise](create_user.md) | [Solution](solutions/create_user.md) | |
| Password Policy | IAM | [Exercise](password_policy_and_mfa.md) | [Solution](solutions/password_policy_and_mfa.md) | |
| Create a role | IAM | [Exercise](create_role.md) | [Solution](solutions/create_role.md) | |
| Credential Report | IAM | [Exercise](credential_report.md) | [Solution](solutions/credential_report.md) | |
| Access Advisor | IAM | [Exercise](access_advisor.md) | [Solution](solutions/access_advisor.md) | |
<a name="exercises-aws-ec2"></a>
### EC2
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Launch EC2 web instance | EC2 | [Exercise](launch_ec2_web_instance.md) | [Solution](solutions/launch_ec2_web_instance.md) | Easy |
| Security Groups | EC2 | [Exercise](security_groups.md) | [Solution](solutions/security_groups.md) | Easy |
| IAM Roles | EC2, IAM | [Exercise](ec2_iam_roles.md) | [Solution](solutions/ec2_iam_roles.md) | Easy |
| Spot Instances | EC2 | [Exercise](create_spot_instances.md) | [Solution](solutions/create_spot_instances.md) | Easy |
| Elastic IP | EC2, Networking | [Exercise](elastic_ip.md) | [Solution](solutions/elastic_ip.md) | Easy |
| Placement Groups Creation | EC2, Placement Groups | [Exercise](placement_groups.md) | [Solution](solutions/placement_groups.md) | Easy |
| Elastic Network Interfaces | EC2, ENI | [Exercise](elastic_network_interfaces.md) | [Solution](solutions/elastic_network_interfaces.md) | Easy |
| Hibernate an Instance | EC2 | [Exercise](hibernate_instance.md) | [Solution](solutions/hibernate_instance.md) | Easy |
| Volume Creation | EC2, EBS | [Exercise](ebs_volume_creation.md) | [Solution](solutions/ebs_volume_creation.md) | Easy |
| Snapshots | EC2, EBS | [Exercise](snapshots.md) | [Solution](solutions/snapshots.md) | Easy |
| Create an AMI | EC2, AMI | [Exercise](create_ami.md) | [Solution](solutions/create_ami.md) | Easy |
| Create EFS | EC2, EFS | [Exercise](create_efs.md) | [Solution](solutions/create_efs.md) | Easy |
| Launch EC2 web instance | EC2 | [Exercise](launch_ec2_web_instance.md) | [Solution](solutions/launch_ec2_web_instance.md) | |
| Security Groups | EC2 | [Exercise](security_groups.md) | [Solution](solutions/security_groups.md) | |
| IAM Roles | EC2, IAM | [Exercise](ec2_iam_roles.md) | [Solution](solutions/ec2_iam_roles.md) | |
| Spot Instances | EC2 | [Exercise](create_spot_instances.md) | [Solution](solutions/create_spot_instances.md) | |
| Elastic IP | EC2, Networking | [Exercise](elastic_ip.md) | [Solution](solutions/elastic_ip.md) | |
| Placement Groups Creation | EC2, Placement Groups | [Exercise](placement_groups.md) | [Solution](solutions/placement_groups.md) | |
| Elastic Network Interfaces | EC2, ENI | [Exercise](elastic_network_interfaces.md) | [Solution](solutions/elastic_network_interfaces.md) | |
| Hibernate an Instance | EC2 | [Exercise](hibernate_instance.md) | [Solution](solutions/hibernate_instance.md) | |
| Volume Creation | EC2, EBS | [Exercise](ebs_volume_creation.md) | [Solution](solutions/ebs_volume_creation.md) | |
| Snapshots | EC2, EBS | [Exercise](snapshots.md) | [Solution](solutions/snapshots.md) | |
| Create an AMI | EC2, AMI | [Exercise](create_ami.md) | [Solution](solutions/create_ami.md) | |
| Create EFS | EC2, EFS | [Exercise](create_efs.md) | [Solution](solutions/create_efs.md) | |
<a name="exercises-aws-elb"></a>
### ELB
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Application Load Balancer | ELB, ALB | [Exercise](app_load_balancer.md) | [Solution](solutions/app_load_balancer.md) | Easy |
| Multiple Target Groups | ELB, ALB | [Exercise](alb_multiple_target_groups.md) | [Solution](solutions/alb_multiple_target_groups.md) | Easy |
| Network Load Balancer | ELB, NLB | [Exercise](network_load_balancer.md) | [Solution](solutions/network_load_balancer.md) | Easy |
| Application Load Balancer | ELB, ALB | [Exercise](app_load_balancer.md) | [Solution](solutions/app_load_balancer.md) | |
| Multiple Target Groups | ELB, ALB | [Exercise](alb_multiple_target_groups.md) | [Solution](solutions/alb_multiple_target_groups.md) | |
| Network Load Balancer | ELB, NLB | [Exercise](network_load_balancer.md) | [Solution](solutions/network_load_balancer.md) | |
<a name="exercises-aws-asg"></a>
### Auto Scaling Groups
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Auto Scaling Groups Basics | ASG | [Exercise](auto_scaling_groups_basics.md) | [Solution](solutions/auto_scaling_groups_basics.md) | Easy |
| Dynamic Scaling Policy | ASG, Policies | [Exercise](asg_dynamic_scaling_policy.md) | [Solution](solutions/asg_dynamic_scaling_policy.md) | Easy |
| Auto Scaling Groups Basics | ASG | [Exercise](auto_scaling_groups_basics.md) | [Solution](solutions/auto_scaling_groups_basics.md) | |
| Dynamic Scaling Policy | ASG, Policies | [Exercise](asg_dynamic_scaling_policy.md) | [Solution](solutions/asg_dynamic_scaling_policy.md) | |
<a name="exercises-aws-vpc"></a>
### VPC
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| My First VPC | VPC | [Exercise](new_vpc.md) | [Solution](solutions/new_vpc.md) | Easy |
| Subnets | VPC | [Exercise](subnets.md) | [Solution](solutions/subnets.md) | Easy |
| My First VPC | VPC | [Exercise](new_vpc.md) | [Solution](solutions/new_vpc.md) | |
| Subnets | VPC | [Exercise](subnets.md) | [Solution](solutions/subnets.md) | |
<a name="exercises-aws-databases"></a>
### Databases
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| MySQL DB | RDS | [Exercise](mysql_db.md) | [Solution](solutions/mysql_db.md) | Easy |
| Aurora DB | RDS | [Exercise](aurora_db.md) | [Solution](solutions/aurora_db.md) | Easy |
| ElastiCache | ElastiCache | [Exercise](elasticache.md) | [Solution](solutions/elasticache.md) | Easy |
| MySQL DB | RDS | [Exercise](mysql_db.md) | [Solution](solutions/mysql_db.md) | |
| Aurora DB | RDS | [Exercise](aurora_db.md) | [Solution](solutions/aurora_db.md) | |
| ElastiCache | ElastiCache | [Exercise](elasticache.md) | [Solution](solutions/elasticache.md) | |
<a name="exercises-aws-dns"></a>
### DNS
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
Register Domain | Route 53 | [Exercise](register_domain.md) | [Solution](solutions/register_domain.md) | Easy |
Creating Records | Route 53 | [Exercise](creating_records.md) | [Solution](solutions/creating_records.md) | Easy |
Health Checks | Route 53 | [Exercise](health_checks.md) | [Solution](solutions/health_checks.md) | Easy |
Failover | Route 53 | [Exercise](route_53_failover.md) | [Solution](solutions/route_53_failover.md) | Easy |
Register Domain | Route 53 | [Exercise](register_domain.md) | [Solution](solutions/register_domain.md) | |
Creating Records | Route 53 | [Exercise](creating_records.md) | [Solution](solutions/creating_records.md) | |
Health Checks | Route 53 | [Exercise](health_checks.md) | [Solution](solutions/health_checks.md) | |
Failover | Route 53 | [Exercise](route_53_failover.md) | [Solution](solutions/route_53_failover.md) | |
<a name="exercises-aws-containers"></a>
### Containers
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| ECS Task | ECS, Fargate | [Exercise](ecs_task.md) | [Solution](solutions/ecs_task.md) | Easy |
| ECS Task | ECS, Fargate | [Exercise](ecs_task.md) | [Solution](solutions/ecs_task.md) | |
<a name="exercises-aws-lambda"></a>
### Lambda
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Hello Function | Lambda | [Exercise](hello_function.md) | [Solution](solutions/hello_function.md) | Easy |
| URL Function | Lambda | [Exercise](url_function.md) | [Solution](solutions/url_function.md) | Easy |
| Hello Function | Lambda | [Exercise](hello_function.md) | [Solution](solutions/hello_function.md) | |
| URL Function | Lambda | [Exercise](url_function.md) | [Solution](solutions/url_function.md) | |
<a name="exercises-aws-elastic-beanstalk"></a>
### Elastic Beanstalk
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Simple Elastic Beanstalk Node.js app | Elastic Beanstalk | [Exercise](elastic_beanstalk_simple.md) | [Solution](solutions/elastic_beanstalk_simple.md) | Easy |
| Simple Elastic Beanstalk Node.js app | Elastic Beanstalk | [Exercise](elastic_beanstalk_simple.md) | [Solution](solutions/elastic_beanstalk_simple.md) | |
<a name="exercises-aws-misc"></a>
### Misc
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Budget Setup | Budget | [Exercise](budget_setup.md) | [Solution](solutions/budget_setup.md) | Easy |
| No Application :'( | Troubleshooting | [Exercise](no_application.md) | [Solution](solutions/no_application.md) | Easy |
| Budget Setup | Budget | [Exercise](budget_setup.md) | [Solution](solutions/budget_setup.md) | |
| No Application :'( | Troubleshooting | [Exercise](no_application.md) | [Solution](solutions/no_application.md) | |
## Questions
<a name="questions-aws-global-infra"></a>
### Global Infrastructure
<details>
@ -200,7 +192,6 @@ False. The minimum is 2 while the maximum is 6.
* Pricing: the pricing might not be consistent across regions so, the price for the same service in different regions might be different.
</b></details>
<a name="questions-aws-iam"></a>
### IAM
<details>
@ -337,7 +328,6 @@ This policy permits to perform any action on any resource. It happens to be the
IAM Access Advisor
</b></details>
<a name="questions-aws-ec2"></a>
### EC2
<details>
@ -370,8 +360,7 @@ True. As opposed to IAM for example, which is a global service, EC2 is a regiona
AMI. With AMI (Amazon Machine Image) you can customize EC2 instances by specifying which software to install, what OS changes should be applied, etc.
</b></details>
<a name="questions-aws-ec2-ami"></a>
#### EC2 - AMI
#### AMI
<details>
<summary>What is AMI?</summary><br><b>
@ -461,8 +450,7 @@ Storage Optimized:
EBS
</b></details>
<a name="questions-aws-ec2-ebs"></a>
#### AWS EC2 - EBS
#### EBS
<details>
<summary>Explain Amazon EBS</summary><br><b>
@ -559,8 +547,7 @@ SSD: gp2, gp3, io1, io2
True.
</b></details>
<a name="questions-aws-ec2-instance-store"></a>
#### AWS EC2 - Instance Store
#### Instance Store
<details>
<summary>If you would like to have an hardware disk attached to your EC2 instead of a network one (EBS). What would you use?</summary><br><b>
@ -581,8 +568,7 @@ It is mostly used for cache and temporary data purposes.
Yes, the data on instance store is lost when they are stopped.
</b></details>
<a name="questions-aws-ec2-efs"></a>
#### AWS EC2 - EFS
#### EFS
<details>
<summary>What is Amazon EFS?</summary><br><b>
@ -648,8 +634,7 @@ Performance Mode (General Purpose): Used for web serving, CMS, ... anything that
* Infrequent access: lower prices to store files but it also costs to retrieve them
</b></details>
<a name="questions-aws-ec2-pricing-models"></a>
#### AWS EC2 - Pricing Models
#### Pricing Models
<details>
<summary>What EC2 pricing models are there?</summary><br><b>
@ -910,8 +895,7 @@ True. This is because the operating system isn't restarted or stopped.
* Usually combined with Reserved Instances and Saving Plans to achieve cost saving
</b></details>
<a name="questions-aws-ec2-launch-templates"></a>
#### AWS EC2 - Launch Template
#### Launch Template
<details>
<summary>What is a launch template?</summary><br><b>
@ -930,8 +914,7 @@ In addition, launch template has the clear benefits of:
* support creating parameters subsets (used for re-use and inheritance)
</b></details>
<a name="questions-aws-ec2-eni"></a>
#### AWS EC2 - ENI
#### ENI
<details>
<summary>Explain Elastic Network Interfaces (ENI)</summary><br><b>
@ -959,8 +942,7 @@ False. ENI are bound to specific availability zone.
True. They can be attached later on and on the fly (for failover purposes).
</b></details>
<a name="questions-aws-ec2-placement-groups"></a>
#### AWS EC2 - Placement Groups
#### Placement Groups
<details>
<summary>What are "Placement Groups"?</summary><br><b>
@ -1008,8 +990,6 @@ Pros:
* Maximized high availability (instances on different hardware, span across AZs)
</b></details>
<a name="questions-aws-identify-service"></a>
### Lambda
<details>
@ -1043,11 +1023,9 @@ False. Charges are being made when the code is executed.
True
</b></details>
<a name="questions-aws-containers"></a>
### Containers
<a name="questions-aws-containers-ecs"></a>
#### Containers - ECS
#### ECS
<details>
<summary>What is Amazon ECS?</summary><br><b>
@ -1094,8 +1072,7 @@ EC2 Instance Profile used by ECS agent on an EC2 instance to:
Using EFS is a good way to share data between containers and it works also between different AZs.
</b></details>
<a name="questions-aws-containers-fargate"></a>
#### Containers - Fargate
#### Fargate
<details>
<summary>What is AWS Fargate?</summary><br><b>
@ -1118,14 +1095,16 @@ While in AWS Fargate, you don't provision or manage the infrastructure, you simp
True.
</b></details>
<a name="questions-aws-s3"></a>
### S3
#### Basics
<details>
<summary>Explain what is AWS S3?</summary><br><b>
S3 stands for: Simple Storage Service.<br>
S3 is a object storage service which is fast, scalable and durable. S3 enables customers to upload, download or store any file or object that is up to 5 TB in size.
- S3 is a object storage service which is fast, scalable and durable. S3 enables customers to upload, download or store any file or object that is up to 5 TB in size.<br>
- S3 stands for: Simple Storage Service
- As a user you don't have to worry about filesystems or disk space
</b></details>
<details>
@ -1134,12 +1113,6 @@ S3 is a object storage service which is fast, scalable and durable. S3 enables c
An S3 bucket is a resource which is similar to folders in a file system and allows storing objects, which consist of data.
</b></details>
<details>
<summary>True or False? A bucket name must be globally unique</summary><br><b>
True
</b></details>
<details>
<summary>Explain folders and objects in regards to buckets</summary><br><b>
@ -1268,18 +1241,70 @@ Learn more [here](https://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-accel
No. S3 support only statis hosts. On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting.
</b></details>
#### Buckets
<details>
<summary>True or False? A bucket name must be globally unique</summary><br><b>
True
</b></details>
<details>
<summary>How to rename a bucket in S3?</summary><br><b>
A S3 bucket name is immutable. That means it's not possible to change it, without removing and creating a new bucket.
This is why the process for renaming a bucket is as follows:
* Create a new bucket with the desired name
* Move the data from the old bucket to it
* Delete the old bucket
With the AWS CLI that would be:
```sh
# Create new bucket
aws s3 mb s3://[NEW_BUCKET_NAME]
# Sync the content from the old bucket to the new bucket
$ aws s3 sync s3://[OLD_BUCKET_NAME] s3://[NEW_BUCKET_NAME]
# Remove old bucket
$ aws s3 rb --force s3://[OLD_BUCKET_NAME]
```
</b></details>
#### Security
<details>
<summary>True or False? Every new S3 bucket is public by default</summary><br><b>
False
</b></details>
<details>
<summary>What security measures have you taken in context of S3?</summary><br><b>
* Enable versioning.
* Don't make bucket public.
* Don't make a bucket public.
* Enable encryption if it's disabled.
* Define an access policy
</b></details>
<details>
<summary>What storage options are there for EC2 Instances?</summary><br><b>
<summary>True or False? In case of SSE-AES encryption, you manage the key</summary><br><b>
False. S3 manages the key and uses AES-256 algorithm for the encryption.
</b></details>
<details>
<summary>True or False? In case of SSE-C encryption, both S3 and you manage the keys</summary><br><b>
False. You manage the keys. It's customer provided key.
</b></details>
<details>
<summary>True or False? Traffic between a host an S3 (e.g. uploading a file) is encrypted using SSL/TLS</summary><br><b>
True
</b></details>
<a name="questions-aws-disaster-recovery"></a>
### Disaster Recovery
<details>
@ -1306,7 +1331,6 @@ Lowest - Multi-site
Highest - The cold method
</b></details>
<a name="questions-aws-cloudfront"></a>
### CloudFront
<details>
@ -1341,7 +1365,6 @@ True
A transport solution which was designed for transferring large amounts of data (petabyte-scale) into and out the AWS cloud.
</b></details>
<a name="questions-aws-elb"></a>
### ELB
<details>
@ -1526,7 +1549,6 @@ True
The period of time or process of "draining" instances from requests/traffic (basically let it complete all active connections but don't start new ones) so it can be de-registered eventually and ELB won't send requests/traffic to it anymore.
</b></details>
<a name="questions-aws-asg"></a>
### Auto Scaling Group
<details>
@ -1604,7 +1626,6 @@ Lifecycle hooks allows you perform extra steps before the instance goes in servi
Lifecycle hooks in pending state.
</b></details>
<a name="questions-aws-securtiy"></a>
### Security
<details>
@ -1743,11 +1764,9 @@ Amazon definition: "AWS Certificate Manager is a service that lets you easily pr
Learn more [here](https://aws.amazon.com/certificate-manager)
</b></details>
<a name="questions-aws-db"></a>
### Databases
<a name="questions-aws-db-rds"></a>
#### Databases - RDS
#### RDS
<details>
<summary>What is AWS RDS?</summary><br><b>
@ -1880,8 +1899,7 @@ Note: The token has a lifetime of 15 minutes
True. Since read replicas add endpoints, each with its own DNS name, you need to modify your app to reference these new endpoints to balance the load read.
</b></details>
<a name="questions-aws-db-aurora"></a>
#### Databases - Aurora
#### Aurora
<details>
<summary>What do you know about Amazon Aurora?</summary><br><b>
@ -1933,8 +1951,7 @@ True. If your read replica instances exhaust their CPU, you can scale by adding
Aurora multi-master is perfect for a use case where you want to have instant failover for write node.
</b></details>
<a name="questions-aws-db-dynamodb"></a>
#### Databases - DynamoDB
#### DynamoDB
<details>
<summary>What is AWS DynamoDB?</summary><br><b>
@ -1964,8 +1981,7 @@ Amazon definition: "Amazon DynamoDB Accelerator (DAX) is a fully managed, highly
Learn more [here](https://aws.amazon.com/dynamodb/dax)
</b></details>
<a name="questions-aws-db-elasticache"></a>
#### Databases - ElastiCache
#### ElastiCache
<details>
<summary>What is AWS ElastiCache? In what use case should it be used?</summary><br><b>
@ -2022,8 +2038,7 @@ True.
* Session Store: store temporary session data in cache
</b></details>
<a name="questions-aws-db-redshift"></a>
#### Databases - RedShift
#### RedShift
<details>
<summary>What is AWS Redshift and how is it different than RDS?</summary><br><b>
@ -2058,7 +2073,6 @@ Learn more [here](https://aws.amazon.com/documentdb)
EBS
</b></details>
<a name="questions-aws-vpc"></a>
### VPC
<details>
@ -2437,7 +2451,6 @@ API Gateway - to define the URL trigger (= when you insert the URL, the function
Kinesis
</b></details>
<a name="questions-aws-dns"></a>
### DNS (Route 53)
<details>
@ -2670,8 +2683,7 @@ False. Route 53 Multi Value is not a substitute for ELB. It's focused on client-
False. DNS service can be Route 53 (where you manage DNS records) while the domain itself can be purchased from other sources that aren't Amazon related (e.g. GoDadday).
</b></details>
<a name="questions-aws-monitoring-logging"></a>
### Monitoring & Logging
### Monitoring and Logging
<details>
<summary>What is AWS CloudWatch?</summary><br><b>
@ -2709,8 +2721,7 @@ Read more about it [here](https://aws.amazon.com/sns)
* Publishers - the provider of the message (event, person, ...)
</b></details>
<a name="questions-aws-billing-support"></a>
### Billing & Support
### Billing and Support
<details>
<summary>What is "AWS Organizations"?</summary><br><b>
@ -2803,7 +2814,6 @@ True. You pay differently based on the chosen region.
AWS Definition: "AWS Infrastructure Event Management is a structured program available to Enterprise Support customers (and Business Support customers for an additional fee) that helps you plan for large-scale events such as product or application launches, infrastructure migrations, and marketing events."
</b></details>
<a name="questions-aws-automation"></a>
### Automation
<details>
@ -2818,8 +2828,7 @@ Learn more [here](https://aws.amazon.com/codedeploy)
<summary>Explain what is CloudFormation</summary><br><b>
</b></details>
<a name="questions-aws-misc"></a>
### Misc
### Misc
<details>
<summary>Which AWS service you have experience with that you think is not very common?</summary><br><b>
@ -3006,7 +3015,6 @@ AWS definition: "Amazon Simple Queue Service (SQS) is a fully managed message qu
Learn more about it [here](https://aws.amazon.com/sqs)
</b></details>
<a name="questions-aws-ha"></a>
### High Availability
<details>
@ -3016,7 +3024,6 @@ Learn more about it [here](https://aws.amazon.com/sqs)
* Application/Service should survive (= operate as usual) a data center disaster
</b></details>
<a name="questions-aws-migrations"></a>
### Production Operations and Migrations
<details>
@ -3076,7 +3083,6 @@ For example, if you go to your instances in the AWS console you might see that t
Go to the security group of your instance(s) and enable the traffic that NLB should forward (e.g. TCP on port 80).
</b></details>
<a name="questions-aws-scenarios"></a>
### Scenarios
<details>
@ -3126,7 +3132,6 @@ Use Amazon EventBridge so every time a file is uploaded to an S3 bucket (event)
Such task should have an ECS Task Role so it can get the object from the S3 bucket (and possibly other permissions if it needs to update the DB for example).
</b></details>
<a name="questions-aws-architecture-design"></a>
### Architecture Design
<details>

458
exercises/terraform/README.md
View File

@ -1,112 +1,90 @@
## Terraform
# Terraform
- [Terraform](#terraform)
- [Exercises](#exercises)
- [Terraform 101](#terraform-101)
- [AWS](#aws)
- [Questions](#questions)
- [Terraform 101](#terraform-101-1)
- [Providers](#providers)
- [Provisioners](#provisioners)
- [Modules](#modules)
- [Variables](#variables)
- [State](#state)
- [Import](#import)
- [Real Life Scenarios](#real-life-scenarios)
## Exercises
<a name="exercises-terraform-101"></a>
### Terraform 101
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Local Provider | Basics | [Exercise](terraform_local_provider/exercise.md) | [Solution](terraform_local_provider/solution.md) | |
### AWS
The following exercises require account in AWS and might cost you $$$
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
| Launch EC2 web instance | EC2 | [Exercise](launch_ec2_web_instance/exercise.md) | [Solution](launch_ec2_web_instance/solution.md) | |
| Rename S3 bucket | S3 | [Exercise](s3_bucket_rename/exercise.md) | [Solution](s3_bucket_rename/solution.md) | |
## Questions
<a name="questions-terraform-101"></a>
### Terraform 101
<details>
<summary>Explain what Terraform is and how does it works</summary><br><b>
<summary>What are the advantages in using Terraform or IaC in general?</summary><br><b>
[Terraform.io](https://www.terraform.io/intro/index.html#what-is-terraform-): "Terraform is an infrastructure as code (IaC) tool that allows you to build, change, and version infrastructure safely and efficiently."<br>
- Full automation: In the past, resource creation, modification and removal were handled manually or by using a set of tooling. With Terraform or other IaC technologies, you manage the full lifecycle in an automated fashion.<br>
- Modular and Reusable: Code that you write for certain purposes can be used and assembled in different ways. You can write code to create resources on a public cloud and it can be shared with other teams who can also use it in their account on the same (or different) cloud><br>
- Improved testing: Concepts like CI can be easily applied on IaC based projects and code snippets. This allow you to test and verify operations beforehand
</b></details>
<details>
<summary>Why one would prefer using Terraform and not other technologies? (e.g. Ansible, Puppet, CloudFormation)</summary><br><b>
<summary>What are some of Terraform features?</summary><br><b>
A common *wrong* answer is to say that Ansible and Puppet are configuration management tools
and Terraform is a provisioning tool. While technically true, it doesn't mean Ansible and Puppet can't
be used for provisioning infrastructure. Also, it doesn't explain why Terraform should be used over
CloudFormation if at all.
The benefits of Terraform over the other tools:
* It follows the immutable infrastructure approach which has benefits like avoiding a configuration drift over time
* Ansible and Puppet are more procedural (you mention what to execute in each step) and Terraform is declarative since you describe the overall desired state and not per resource or task. You can give the example of going from 1 to 2 servers in each tool. In Terraform you specify 2, in Ansible and puppet you have to only provision 1 additional server so you need to explicitly make sure you provision only another one server.
- Declarative: Terraform uses the declarative approach (rather than the procedural one) in order to define end-status of the resources
- No agents: as opposed to other technologies (e.g. Puppet) where you use a model of agent and server, with Terraform you use the different APIs (of clouds, services, etc.) to perform the operations
- Community: Terraform has strong community who constantly publishes modules and fixes when needed. This ensures there is good modules maintenance and users can get support quite quickly at any point
</b></details>
<details>
<summary>How do you structure your Terraform projects?</summary><br><b>
<summary>In what language infrastructure in Terraform is defined?</summary><br><b>
terraform_directory
providers.tf -> List providers (source, version, etc.)
variables.tf -> any variable used in other files such as main.tf
main.tf -> Lists the resources
HCL (Hashiciorp Configuration Language). A declarative language for defining infrastructure.
</b></details>
<details>
<summary>True or False? Terraform follows the mutable infrastructure paradigm</summary><br><b>
<summary>What's a typical Terraform workflow?</summary><br><b>
False. Terraform follows immutable infrastructure paradigm.
1. Write Terraform definitions: `.tf` files written in HCL that described the desired infrastructure state
2. Review: With command such as `terraform plan` you can get a glance at what Terraform will perform with the written definitions
3. Apply definitions: With the command `terraform apply` Terraform will apply the given definitions, by adding, modifying or removing the resources
</b></details>
<details>
<summary>True or False? Terraform uses declarative style to describe the expected end state</summary><br><b>
True
<summary>What are some use cases for using Terraform?</summary><br><b>
- Multi-cloud environment: You manage infrastructure on different clouds, but looking for a consistent way to do it across the clouds
- Consistent environments: You manage environments such as test, production, staging, ... and looking for a way to have them consistent so any modification in one of them, applies to other environments as well
</b></details>
<details>
<summary>What is HCL?</summary><br><b>
HCL stands for Hashicorp Configuration Language. It is the language Hashicorp made to use as the configuration language for a number of its tools, including terraform.
<summary>What's the difference between Terraform and technologies such as Ansible, Puppet, Chef, etc.</summary><br><b>
Terraform is considered to be an IaC technology. It's used for provisioning resources, for managing infrastructure on different platforms.
Ansible, Puppet and Chef are Configuration Management technologies. They are used once there is an instance running and you would like to apply some configuration on it like installing an application, applying security policy, etc.
To be clear, CM tools can be used to provision resources so in the end goal of having infrastructure, both Terraform and something like Ansible, can achieve the same result. The difference is in the how. Ansible doesn't saves the state of resources, it doesn't know how many instances there are in your environment as opposed to Terraform. At the same time while Terraform can perform configuration management tasks, it has less modules support for that specific goal and it doesn't track the task execution state as Ansible. The differences are there and it's most of the time recommended to mix the technologies, so Terraform used for managing infrastructure and CM technologies used for configuration on top of that infrastructure.
</b></details>
<details>
<summary>Explain what is "Terraform configuration"</summary><br><b>
A configuration is a root module along with a tree of child modules that are called as dependencies from the root module.
</b></details>
<details>
<summary>Explain what the following commands do:
* <code>terraform init</code>
* <code>terraform plan</code>
* <code>terraform validate</code>
* <code>terraform apply</code>
</summary><br><b>
<code>terraform init</code> scans your code to figure which providers are you using and download them.
<code>terraform plan</code> will let you see what terraform is about to do before actually doing it.
<code>terraform validate</code> checks if configuration is syntactically valid and internally consistent within a directory.
<code>terraform apply</code> will provision the resources specified in the .tf files.
</b></details>
#### Terraform - Resources
<details>
<summary>What is a "resource"?</summary><br><b>
HashiCorp: "Terraform uses resource blocks to manage infrastructure, such as virtual networks, compute instances, or higher-level components such as DNS records. Resource blocks represent one or more infrastructure objects in your Terraform configuration."
</b></details>
<details>
<summary>Explain each part of the following line: `resource "aws_instance" "web_server" {...}`</summary><br><b>
- resource: keyword for defining a resource
- "aws_instance": the type of the resource
- "web_server": the name of the resource
</b></details>
<details>
<summary>What is the ID of the following resource: `resource "aws_instance" "web_server" {...}`</summary><br><b>
`aws_instance.web_server`
</b></details>
<details>
<summary>True or False? Resource ID must be unique within a workspace</summary><br><b>
True
</b></details>
<details>
<summary>Explain each of the following in regards to resources
* Arguments
* Attributes
* Meta-arguments</summary><br><b>
- Arguments: resource specific configurations
- Attributes: values exposed by the resource in a form of `resource_type.resource_name.attribute_name`. They are set by the provider or API usually.
- Meta-arguments: Functions of Terraform to change resource's behavior
</b></details>
#### Terraform - Providers
### Providers
<details>
<summary>Explain what is a "provider"</summary><br><b>
@ -114,13 +92,177 @@ True
[terraform.io](https://www.terraform.io/docs/language/providers/index.html): "Terraform relies on plugins called "providers" to interact with cloud providers, SaaS providers, and other APIs...Each provider adds a set of resource types and/or data sources that Terraform can manage. Every resource type is implemented by a provider; without providers, Terraform can't manage any kind of infrastructure."
</b></details>
<details>
<summary>Where can you find publicly available providers?</summary><br><b>
In the [Terraform Registry](https://registry.terraform.io/browse/providers)
</b></details>
<details>
<summary>What is the name of the provider in this case: `resource "libvirt_domain" "instance" {...}`</summary><br><b>
libvirt
</b></details>
#### Terraform - Variables
<details>
<summary>Write a configuration of a Terraform provider (any type you would like)</summary><br><b>
AWS is one of the most popular providers in Terraform. Here is an example of how to configure it to use one specific region and specifying a specific version of the provider
```
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}
# Configure the AWS Provider
provider "aws" {
region = "us-west-2"
}
```
</b></details>
<details>
<summary>What is the Terraform Registry?</summary><br><b>
The Terraform Registry provides a centralized location for official and community-managed providers and modules.
</b></details>
### Provisioners
<details>
<summary>What are "Provisioners"? What they are used for?</summary><br><b>
Provisioners can be described as plugin to use with Terraform, usually focusing on the aspect of service configuration and make it operational.
Few example of provisioners:
* Run configuration management on a provisioned instance using technology like Ansible, Chef or Puppet.
* Copying files
* Executing remote scripts
</b></details>
<details>
<summary>Why is it often recommended to use provisioners as last resort?</summary><br><b>
Since a provisioner can run a variety of actions, it's not always feasible to plan and understand what will happen when running a certain provisioner. For this reason, it's usually recommended to use Terraform built-in option, whenever's possible.
</b></details>
<details>
<summary>What is <code>local-exec</code> and <code>remote-exec</code> in the context of provisioners?</summary><br><b>
</b></details>
<details>
<summary>What is a "tainted resource"?</summary><br><b>
It's a resource which was successfully created but failed during provisioning. Terraform will fail and mark this resource as "tainted".
</b></details>
<details>
<summary>What <code>terraform taint</code> does?</summary><br><b>
<code>terraform taint resource.id</code> manually marks the resource as tainted in the state file. So when you run <code>terraform apply</code> the next time, the resource will be destroyed and recreated.
</b></details>
<details>
<summary>What is a data source? In what scenarios for example would need to use it?</summary><br><b>
Data sources lookup or compute values that can be used elsewhere in terraform configuration.
There are quite a few cases you might need to use them:
* you want to reference resources not managed through terraform
* you want to reference resources managed by a different terraform module
* you want to cleanly compute a value with typechecking, such as with <code>aws_iam_policy_document</code>
</b></details>
<details>
<summary>What are output variables and what <code>terraform output</code> does?</summary><br><b>
Output variables are named values that are sourced from the attributes of a module. They are stored in terraform state, and can be used by other modules through <code>remote_state</code>
</b></details>
<details>
<summary>Explain <code>remote-exec</code> and <code>local-exec</code></summary><br><b>
</b></details>
<details>
<summary>Explain "Remote State". When would you use it and how?</summary><br><b>
Terraform generates a `terraform.tfstate` json file that describes components/service provisioned on the specified provider. Remote
State stores this file in a remote storage media to enable collaboration amongst team.
</b></details>
<details>
<summary>Explain "State Locking"</summary><br><b>
State locking is a mechanism that blocks an operations against a specific state file from multiple callers so as to avoid conflicting operations from different team members. Once the first caller's operation's lock is released the other team member may go ahead to
carryout his own operation. Nevertheless Terraform will first check the state file to see if the desired resource already exist and
if not it goes ahead to create it.
</b></details>
<details>
<summary>Aside from <code>.tfvars</code> files or CLI arguments, how can you inject dependencies from other modules?</summary><br><b>
The built-in terraform way would be to use <code>remote-state</code> to lookup the outputs from other modules.
It is also common in the community to use a tool called <code>terragrunt</code> to explicitly inject variables between modules.
</b></details>
<details>
<summary>How do you import existing resource using Terraform import?</summary><br><b>
1. Identify which resource you want to import.
2. Write terraform code matching configuration of that resource.
3. Run terraform command <code>terraform import RESOURCE ID</code><br>
eg. Let's say you want to import an aws instance. Then you'll perform following:
1. Identify that aws instance in console
2. Refer to it's configuration and write Terraform code which will look something like:
```
resource "aws_instance" "tf_aws_instance" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
tags = {
Name = "import-me"
}
}
```
3. Run terraform command <code>terraform import aws_instance.tf_aws_instance i-12345678</code>
</b></details>
### Modules
<details>
<summary>Explain Modules</summary>
[Terraform.io](https://www.terraform.io/language/modules/develop): "A module is a container for multiple resources that are used together. Modules can be used to create lightweight abstractions, so that you can describe your infrastructure in terms of its architecture, rather than directly in terms of physical objects."
</b></details>
<details>
<summary>How do you test a terraform module?</summary><br><b>
Many examples are acceptable, but the most common answer would likely to be using the tool <code>terratest</code>, and to test that a module can be initialized, can create resources, and can destroy those resources cleanly.
</b></details>
<details>
<summary>Where can you obtain Terraform modules?<summary><br><b>
Terraform modules can be found at the [Terrafrom registry](https://registry.terraform.io/browse/modules)
</b></details>
### Variables
<details>
<summary>What types of variables are supported in Terraform?</summary><br><b>
string
number
bool
list(<TYPE>)
set(<TYPE>)
map(<TYPE>)
object({<ATTR_NAME> = <TYPE>, ... })
tuple([<TYPE>, ...])
</b></details>
<details>
<summary>What are Input Variables in Terraform? Why one should use them?</summary><br><b>
@ -230,7 +372,13 @@ z = "luigi"
```
</b></details>
#### Terraform - State
### State
<details>
<summary>What's Terraform State?</summary><br><b>
[Terraform.io](https://www.terraform.io/language/state): "Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures."
</b></details>
<details>
<summary>What <code>terraform.tfstate</code> file is used for?</summary><br><b>
@ -267,6 +415,12 @@ As such, tfstate shouldn't be stored in git repositories. secured storage such a
- The state is stored by default in a local file named terraform.tfstate.
</b></details>
<details>
<summary>What is Terraform import?</summary><br><b>
Terraform import is used to import existing infrastructure. It allows you to bring resources created by some other means (eg. manually launched cloud resources) and bring it under Terraform management.
</b></details>
<details>
<summary>Can we store tfstate file at remote location? If yes, then in which condition you will do this?</summary><br><b>
@ -309,129 +463,23 @@ You use it this way: <code>variable “my_var” {}</code>
[Provisioners](https://www.terraform.io/docs/language/resources/provisioners)
</b></details>
#### Terraform - Provisioners
### Import
<details>
<summary>What are "Provisioners"? What they are used for?</summary><br><b>
<summary>Explain Terraform's import functionality</summary><br><b>
Provisioners used to execute actions on local or remote machine. It's extremely useful in case you provisioned an instance and you want to make a couple of changes in the machine you've created without manually ssh into it after Terraform finished to run and manually run them.
`terraform import` is a CLI command used for importing an existing infrastructure into Terraform's state.
It's does NOT create the definitions/configuration for creating such infrastructure
</b></details>
<details>
<summary>What is <code>local-exec</code> and <code>remote-exec</code> in the context of provisioners?</summary><br><b>
<summary>State two use cases where you would use <code>terraform import</code></summary><br><b>
1. You have existing resources in the cloud and they are not managed by Terraform (as in not included in the state)
2. You lost your tfstate file and need to rebuild it
</b></details>
<details>
<summary>What is a "tainted resource"?</summary><br><b>
It's a resource which was successfully created but failed during provisioning. Terraform will fail and mark this resource as "tainted".
</b></details>
<details>
<summary>What <code>terraform taint</code> does?</summary><br><b>
<code>terraform taint resource.id</code> manually marks the resource as tainted in the state file. So when you run <code>terraform apply</code> the next time, the resource will be destroyed and recreated.
</b></details>
<details>
<summary>What types of variables are supported in Terraform?</summary><br><b>
string
number
bool
list(<TYPE>)
set(<TYPE>)
map(<TYPE>)
object({<ATTR_NAME> = <TYPE>, ... })
tuple([<TYPE>, ...])
</b></details>
<details>
<summary>What is a data source? In what scenarios for example would need to use it?</summary><br><b>
Data sources lookup or compute values that can be used elsewhere in terraform configuration.
There are quite a few cases you might need to use them:
* you want to reference resources not managed through terraform
* you want to reference resources managed by a different terraform module
* you want to cleanly compute a value with typechecking, such as with <code>aws_iam_policy_document</code>
</b></details>
<details>
<summary>What are output variables and what <code>terraform output</code> does?</summary><br><b>
Output variables are named values that are sourced from the attributes of a module. They are stored in terraform state, and can be used by other modules through <code>remote_state</code>
</b></details>
<details>
<summary>Explain Modules</summary>
A Terraform module is a set of Terraform configuration files in a single directory. Modules are small, reusable Terraform configurations that let you manage a group of related resources as if they were a single resource. Even a simple configuration consisting of a single directory with one or more .tf files is a module. When you run Terraform commands directly from such a directory, it is considered the root module. So in this sense, every Terraform configuration is part of a module.
</b></details>
<details>
<summary>What is the Terraform Registry?</summary><br><b>
The Terraform Registry provides a centralized location for official and community-managed providers and modules.
</b></details>
<details>
<summary>Explain <code>remote-exec</code> and <code>local-exec</code></summary><br><b>
</b></details>
<details>
<summary>Explain "Remote State". When would you use it and how?</summary><br><b>
Terraform generates a `terraform.tfstate` json file that describes components/service provisioned on the specified provider. Remote
State stores this file in a remote storage media to enable collaboration amongst team.
</b></details>
<details>
<summary>Explain "State Locking"</summary><br><b>
State locking is a mechanism that blocks an operations against a specific state file from multiple callers so as to avoid conflicting operations from different team members. Once the first caller's operation's lock is released the other team member may go ahead to
carryout his own operation. Nevertheless Terraform will first check the state file to see if the desired resource already exist and
if not it goes ahead to create it.
</b></details>
<details>
<summary>What is the "Random" provider? What is it used for</summary><br><b>
The random provider aids in generating numeric or alphabetic characters to use as a prefix or suffix for a desired named identifier.
</b></details>
<details>
<summary>How do you test a terraform module?</summary><br><b>
Many examples are acceptable, but the most common answer would likely to be using the tool <code>terratest</code>, and to test that a module can be initialized, can create resources, and can destroy those resources cleanly.
</b></details>
<details>
<summary>Aside from <code>.tfvars</code> files or CLI arguments, how can you inject dependencies from other modules?</summary><br><b>
The built-in terraform way would be to use <code>remote-state</code> to lookup the outputs from other modules.
It is also common in the community to use a tool called <code>terragrunt</code> to explicitly inject variables between modules.
</b></details>
<details>
<summary>What is Terraform import?</summary><br><b>
Terraform import is used to import existing infrastructure. It allows you to bring resources created by some other means (eg. manually launched cloud resources) and bring it under Terraform management.
</b></details>
<details>
<summary>How do you import existing resource using Terraform import?</summary><br><b>
1. Identify which resource you want to import.
2. Write terraform code matching configuration of that resource.
3. Run terraform command <code>terraform import RESOURCE ID</code><br>
eg. Let's say you want to import an aws instance. Then you'll perform following:
1. Identify that aws instance in console
2. Refer to it's configuration and write Terraform code which will look something like:
```
resource "aws_instance" "tf_aws_instance" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
tags = {
Name = "import-me"
}
}
```
3. Run terraform command <code>terraform import aws_instance.tf_aws_instance i-12345678</code>
</b></details>
### Real Life Scenarios
TODO

0
exercises/terraform/launch_ec2_web_instance/exercise.md Normal file
View File

20
exercises/terraform/s3_bucket_rename/exercise.md Normal file
View File

@ -0,0 +1,20 @@
# Rename S3 Bucket
## Requirements
* An existing S3 bucket tracked by Terraform.
If you don't have it, you can use the following block and run `terraform apply`:
```terraform
resource "aws_s3_bucket" "some_bucket" {
bucket = "some-old-bucket"
}
```
## Objectives
1. Rename an existing S3 bucket and make sure it's still tracked by Terraform
## Solution
Click [here to view the solution](solution.md)

49
exercises/terraform/s3_bucket_rename/solution.md Normal file
View File

@ -0,0 +1,49 @@
# Rename S3 Bucket
## Requirements
* An existing S3 bucket tracked by Terraform.
If you don't have it, you can use the following block and run `terraform apply`:
```terraform
resource "aws_s3_bucket" "some_bucket" {
bucket = "some-old-bucket"
}
```
## Objectives
1. Rename an existing S3 bucket and make sure it's still tracked by Terraform
## Solution
```sh
# A bucket name is immutable in AWS so we'll have to create a new bucket
aws s3 mb s3://some-new-bucket-123
# Sync old bucket to new bucket
aws s3 sync s3://some-old-bucket s3://some-new-bucket-123
# Remove the old bucket from Terraform's state
terraform state rm aws_s3_bucket.some_bucket
# Import new bucket to Terraform's state
terraform import aws_s3_bucket.some_bucket some-new-bucket-123
: '
aws_s3_bucket.some_bucket: Refreshing state... [id=some-new-bucket-123]
Import successful!
The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
'
# Modify the Terraform definition to include the new name
# resource "aws_s3_bucket" "some_bucket" {
# bucket = "some-new-bucket-123"
# }
# Remove old bucket
aws s3 rm s3://some-old-bucket --recursive
aws s3 rb s3://some-old-bucket
```

22
exercises/terraform/terraform_local_provider/exercise.md Normal file
View File

@ -0,0 +1,22 @@
# Local Provider
## Objectives
Learn how to use and run Terraform basic commands
1. Create a directory called "my_first_run"
2. Inside the directory create a file called "main.tf" with the following content
```terraform
resource "local_file" "mario_local_file" {
content = "It's a me, Mario!"
filename = "/tmp/who_is_it.txt"
}
```
3. Run `terraform init`. What did it do?
4. Run `terraform plan`. What Terraform is going to perform?
5. Finally, run 'terraform apply' and verify the file was created
## Solution
Click [here to view the solution](solution.md)

63
exercises/terraform/terraform_local_provider/solution.md Normal file
View File

@ -0,0 +1,63 @@
# Local Provider
## Objectives
Learn how to use and run Terraform basic commands
1. Create a directory called "my_first_run"
2. Inside the directory create a file called "main.tf" with the following content
```terraform
resource "local_file" "mario_local_file" {
content = "It's a me, Mario!"
filename = "/tmp/who_is_it.txt"
}
```
3. Run `terraform init`. What did it do?
4. Run `terraform plan`. What Terraform is going to perform?
5. Finally, run 'terraform apply' and verify the file was created
## Solution
```sh
# Create a directory
mkdir my_first_run && cd my_first_run
# Create the file 'main.tf'
cat << EOT >> main.tf
resource "local_file" "mario_local_file" {
content = "It's a me, Mario!"
filename = "/tmp/who_is_it.txt"
}
EOT
# Run 'terraform init'
terraform init
# Running 'ls -la' you'll it created '.terraform' and '.terraform.lock.hcl'
# In addition, it initialized (downloaded and installed) the relevant provider plugins. In this case, the "hashicorp/local"
# Run 'terraform plan'
terraform plan
# It shows what Terraform is going to perform once you'll run 'terraform apply'
<< terraform_plan_output
Terraform will perform the following actions:
# local_file.mario_local_file will be created
+ resource "local_file" "mario_local_file" {
+ content = "It's a me, Mario!"
+ directory_permission = "0777"
+ file_permission = "0777"
+ filename = "/tmp/who_is_it.txt"
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
terraform_plan_output
# Apply main.tf (it's better to run without -auto-approve if you are new to Terraform)
terraform apply -auto-approve
ls /tmp/who_is_it.txt
# /tmp/who_is_it.txt
```