1
00:00:06,556 --> 00:00:08,751
- Okay, so to begin with, we're gonna talk about

2
00:00:08,751 --> 00:00:12,180
the Terraform block and provider blocks

3
00:00:12,180 --> 00:00:14,603
in your Terraform config.

4
00:00:15,508 --> 00:00:20,200
The Terraform block is used to configure Terraform itself.

5
00:00:22,050 --> 00:00:25,990
So one common thing to put here is the required version.

6
00:00:25,990 --> 00:00:29,600
So especially since version 12,

7
00:00:29,600 --> 00:00:30,914
it's pretty important to specify

8
00:00:30,914 --> 00:00:35,129
that you're using configuration that's compatible

9
00:00:35,129 --> 00:00:39,120
with 0.12 or above.

10
00:00:39,120 --> 00:00:41,970
But it's always a good idea to include this block

11
00:00:42,873 --> 00:00:45,928
just so that you know that somebody doesn't try and run

12
00:00:45,928 --> 00:00:49,900
your configuration with some older version.

13
00:00:49,900 --> 00:00:54,900
And you can see that this works really simply.

14
00:01:00,800 --> 00:01:04,460
Okay, so I've told it that we're gonna require

15
00:01:04,460 --> 00:01:08,223
Terraform version 13, which doesn't exist currently.

16
00:01:09,450 --> 00:01:12,113
But if we do Terraform 12, 0.12,

17
00:01:13,870 --> 00:01:16,390
it should tell us that infrastructure's up to date.

18
00:01:16,390 --> 00:01:17,340
So that's a simple thing.

19
00:01:17,340 --> 00:01:19,980
The other thing that is commonly configured

20
00:01:19,980 --> 00:01:23,350
in the Terraform block are remote backends.

21
00:01:23,350 --> 00:01:24,370
And we're gonna talk about that

22
00:01:24,370 --> 00:01:25,490
in the collaboration section.

23
00:01:25,490 --> 00:01:26,790
So we're not gonna cover that right now,

24
00:01:26,790 --> 00:01:28,779
but just know that it's pretty typical,

25
00:01:28,779 --> 00:01:33,779
and it's best practice, to include a Terraform block

26
00:01:34,060 --> 00:01:37,380
even though it may be completely optional, right?

27
00:01:37,380 --> 00:01:39,220
Your Terraform might work perfectly fine

28
00:01:39,220 --> 00:01:40,670
without your Terraform block,

29
00:01:42,520 --> 00:01:45,090
but it does serve as a good way of documenting

30
00:01:45,090 --> 00:01:47,200
what version of Terraform was used

31
00:01:47,200 --> 00:01:48,683
to create the configuration.

32
00:01:50,120 --> 00:01:52,003
Provider blocks are also optional.

33
00:01:53,060 --> 00:01:56,830
If your provider doesn't require any configuration,

34
00:01:56,830 --> 00:02:00,080
then Terraform doesn't actually need

35
00:02:00,080 --> 00:02:03,043
a provider block to be present.

36
00:02:04,030 --> 00:02:05,718
But it's always best practice to specify

37
00:02:05,718 --> 00:02:10,560
at least the version of the provider that you're using.

38
00:02:10,560 --> 00:02:13,660
This is how you can ensure that you have

39
00:02:13,660 --> 00:02:17,300
reproducible builds in Terraform.

40
00:02:17,300 --> 00:02:19,140
If you don't specify the version,

41
00:02:19,140 --> 00:02:22,050
it will actually give you a warning when you run plan.

42
00:02:22,050 --> 00:02:23,540
So just as a best practice,

43
00:02:23,540 --> 00:02:25,820
always put in a provider block,

44
00:02:25,820 --> 00:02:27,562
even if you don't require it.

45
00:02:27,562 --> 00:02:30,730
For the main cloud providers,

46
00:02:30,730 --> 00:02:33,146
it's usually required because you have to give it

47
00:02:33,146 --> 00:02:36,520
some configuration for most of them.

48
00:02:36,520 --> 00:02:38,810
So for example, this is a configuration

49
00:02:38,810 --> 00:02:40,723
for the AWS provider.

50
00:02:41,840 --> 00:02:46,840
The region is a required configuration.

51
00:02:48,040 --> 00:02:50,971
And then also oftentimes you'll need to give it

52
00:02:50,971 --> 00:02:52,610
some sort of a credential.

53
00:02:52,610 --> 00:02:55,963
Now you can see that I have these commented out.

54
00:02:57,380 --> 00:03:00,975
The AWS provider will accept access key and secret key

55
00:03:00,975 --> 00:03:05,463
as configuration options to the provider.

56
00:03:07,110 --> 00:03:08,490
Hopefully it's obvious to everybody

57
00:03:08,490 --> 00:03:10,000
that that's a really bad idea.

58
00:03:10,000 --> 00:03:13,940
Those are sensitive and secrets.

59
00:03:13,940 --> 00:03:15,550
They're essentially passwords.

60
00:03:15,550 --> 00:03:20,470
So it's best not to store those in your Terraform code

61
00:03:20,470 --> 00:03:23,060
that gets checked in to a source code repository

62
00:03:23,060 --> 00:03:25,170
and may be readable by a lot of people.

63
00:03:25,170 --> 00:03:27,411
Okay, so if it's not stored in here,

64
00:03:27,411 --> 00:03:30,100
then how do we store it?

65
00:03:30,100 --> 00:03:31,300
Well, in the case of AWS,

66
00:03:32,700 --> 00:03:37,700
it can use the AWS command line tool configuration files

67
00:03:39,160 --> 00:03:41,900
that are stored in your home directory.

68
00:03:41,900 --> 00:03:45,430
Or it will read environment variables.

69
00:03:45,430 --> 00:03:47,610
So I've set up my environment

70
00:03:47,610 --> 00:03:52,270
with my AWS access and secret keys.

71
00:03:52,270 --> 00:03:53,676
I can't show you those for obvious reasons.

72
00:03:53,676 --> 00:03:55,633
Those are secrets.

73
00:03:56,490 --> 00:03:58,583
But that's the recommended way to do it.

74
00:03:58,583 --> 00:04:03,583
And then most continuous deployment services

75
00:04:03,650 --> 00:04:08,650
have a way to manage secrets and environment variables.

76
00:04:09,340 --> 00:04:12,010
So all the cloud providers are different

77
00:04:12,010 --> 00:04:14,370
in what they require.

78
00:04:14,370 --> 00:04:18,280
Google, for example, requires a service account file.

79
00:04:18,280 --> 00:04:23,280
It's a JSON file with some encryption keys in it.

80
00:04:23,492 --> 00:04:27,140
AWS requires the secret key and the access key.

81
00:04:27,140 --> 00:04:29,100
So you have to consult the documentation

82
00:04:29,100 --> 00:04:32,920
on what exactly it is that the different providers require

83
00:04:32,920 --> 00:04:34,270
in terms of authentication.