35,99 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
This HashiCorp Terraform Associate (003) exam guide simplifies technical content relating to the exam and helps you learn using real-world examples. The book is aligned with the latest exam objectives, which enables you to streamline your learning experience instead of referring to multiple sources for preparation. Moreover, the book is designed to serve as a "one-stop solution" for readers with varied levels of experience in Terraform.
You'll learn how to efficiently provision and manage cloud and on-premises infrastructure using Terraform. As you progress, you’ll focus on essential commands, state management techniques, and best practices. Later chapters will show you how to harness the power of Terraform modules for code reusability and scalability. You’ll also gain insights into advanced topics such as debugging, troubleshooting, and leveraging Terraform Cloud and Terraform Enterprise for collaborative infrastructure management. This book provides you with lifetime access to supplementary practice resources such as mock exams, flashcards, and exam tips from experts.
By the end of this book, you’ll have the knowledge and skills you need to confidently tackle the Terraform Associate certification exam and excel in your career.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 366
Veröffentlichungsjahr: 2024
Ähnliche
HashiCorp Terraform Associate (003)
Exam Guide
Prepare to pass the Terraform Associate exam on your first attempt
Chandra Mohan Dhanasekaran
Manjunath H. Gowda
HashiCorp Terraform Associate (003) Exam Guide
Copyright © 2024 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Authors: Chandra Mohan Dhanasekaran and Manjunath H. Gowda
Reviewers: Salim Tekin and Mehdi Laruelle
Publishing Product Manager: Anindya Sil
Senior-Development Editor: Ketan Giri
Development Editor: Kalyani S.
Presentation Designer: Salma Patel
Editorial Board: Vijin Boricha, Megan Carlisle, Simon Cox, Ketan Giri, Saurabh Kadave, Alex Mazonowicz, Gandhali Raut, and Ankita Thakur
First Published: May 2024
Production Reference: 1310524
Published by Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB
ISBN: 978-1-80461-884-4
www.packtpub.com
Contributors
About the Authors
Chandra Mohan Dhanasekaran, a.k.a. Chandru D, is an AWS Certified Solutions Architect at Philips, focused on designing world-class resilient and cost-efficient solutions for customers in the public cloud. His previous experience includes stints at banking giants including JP Morgan Chase & Co. and Danske Bank, the largest bank in Denmark and very popular in the Nordic countries. He has close to 15 years of professional IT experience in different domains and various technology stacks ranging from mainframes to frontend, distributed, and container technologies. He has always had a profound love for mainframe systems and is fascinated by the advantages of using IaC tools and cloud services. You can find him at almost all AWS events and meetups around Bengaluru, and he loves to connect with people.
He always looks to explore new and blossoming open source technologies and is a fan of serverless technologies and Kubernetes. You can connect with him on LinkedIn: https://www.linkedin.com/in/chandrud
Outside of work, he loves cooking for the kids at the weekend and enjoys jogging whenever he finds time. He’s also a die-hard Manchester United fan and watching “Rafa” (Rafael Nadal) around the tennis court is something he can’t afford to miss!
Manjunath H. Gowda is a VP of cloud engineering at Lentra.ai. Previously, he worked at AWS as a solutions architect, helping customers migrate to AWS and build cloud-native solutions in the AWS cloud. While working as a freelance consultant, he helped several startups with their AWS architecture, cost optimization, infrastructure security assessment, and automation using IaC tools. He has a special interest in cloud security and infra-automation using IaC tools such as CloudFormation and Terraform.
When not in front of a laptop, he plays cricket and loves long-distance cycling. He is a loyal RCB fan who genuinely believes in the RCB slogan, “Ee sala cup namde”.
You can connect with him at https://www.linkedin.com/in/manju712/.
About the Reviewers
Salim Tekin is a seasoned Senior DevOps Engineer, currently spearheading the optimization of the Data Science Platform at Generali Germany. Prior to this role, he served as a Cloud Engineer Consultant at Deloitte, where he specialized in crafting tailored cloud solutions. Before his tenure at Deloitte, Salim showcased his versatility as an ADAS Engineer at Bertrandt, simultaneously holding the role of Product Owner for Connectivity Backend on the 'Harry' project. With a rich skill set including Certified Kubernetes Administration and Development, AWS & GCP Architecture, and proficiency in tools like Terraform and Prometheus, Salim excels in driving efficiency and scalability in complex technological landscapes. Holding a Diploma in Industrial Engineering with a focus on Electronics & Informatics, Salim combines academic prowess with practical expertise to deliver impactful solutions. Outside of work, Salim enjoys staying abreast of the latest technological advancements and spending time with family and friends.
Mehdi Laruelle is a seasoned professional with a diverse background in the industry. With extensive experience working for major players and startups, he's honed his skills as a consultant, particularly in the realm of cloud, DevOps culture and tools. His proficiency extends to HashiCorp software like Terraform and Vault, among others. Passionate about sharing knowledge, Mehdi actively engages in training, writing articles, and organizing meetups. As the co-organizer of the HashiCorp User Group France meetup, he fosters a community of learning and collaboration. His expertise is widely recognized, earning him distinctions as a HashiCorp Ambassador, AWS Community Builder, and AWS Authorized Instructor (AAI). You can find him on GitHub under the username "mehdilaruelle".
Table of Contents
Preface
1
Introduction to Infrastructure as Code (IaC) and Concepts
Making the Most Out of This Book – Your Certification and Beyond
Technical Requirements
What Is IaC?
Scenario
Basic Concepts of IaC
Declarative Approach versus Imperative Approach
Version Control
Idempotency
Infrastructure Provisioning and Configuration Management
IaC Tools in the Market
How to Choose the Right IaC Tool
HashiCorp Terraform
Progress Chef
Creating Your First Recipe
Puppet
Pulumi
AWS CloudFormation
IaC Use Cases
Multi-Cloud Deployments
Application Deployments, Scaling, and Monitoring Tools
Policy Compliance and Management
Testing Environments and Software Demos
Benefits of IaC
Rapid Deployments and Tool Integration
Lower Costs and Error Reduction
Configuration Drift Elimination
Improved Infrastructure Consistency
DevOps and CI/CD
Don’t Repeat Yourself (DRY)
Creating a Simple AWS DynamoDB Table Using a CloudFormation Template
Creating an AWS S3 Bucket Using Terraform
Summary
Exam Readiness Drill – Chapter Review Questions
2
Why Do We Need Terraform?
History of Infrastructure Provisioning
Why Is the Cloud Model a Good Fit for Infrastructure Automation?
Infrastructure Automation Using IaC
Advantages of IaC
Various Options for Implementing IaC
What Is Terraform?
Features of Terraform
Licensing Change from Version 1.5.5 (Aug 2023)
Summary
Exam Readiness Drill – Chapter Review Questions
3
Basics of Terraform and Core Workflow
Technical Requirements
How Terraform Works
Getting Started with Terraform
Terraform CLI Installation Check
AWS CLI Installation Check
Creating Your First Terraform Resource – AWS IAM User
Terraform Settings
HCP Terraform Configuration Using the cloud {} block
Terraform Backend Configuration Using the backend {} Block
The required_version Setting
The required_providers {} Block
Experimental Features
Provider Metadata
Terraform Providers
Types of Terraform Providers
Provider Requirements
Provider Configuration
Dependency lock file (.terraform.lock.hcl)
Resources and Data Sources
Resources Syntax
Resources Meta-Arguments
Data Sources
Variables and Outputs
Input Variables
Output Values
Local Values
Core Workflow
Summary
Exam Readiness Drill – Chapter Review Questions
4
Terraform Commands and State Management
Technical Requirements
Basic Workflow Commands
The init Command
The plan Command
The apply Command
The destroy Command
Commands for Code Management
The fmt Command
The validate Command
Special Commands
The login Command
The logout Command
The console Command
The output Command
The show Command
The graph Command
The import Command
State Management and the terraform state Command
The state Command
Subcommands of terraform state
The terraform state list Command
The terraform state show Command
The terraform state mv Command
The terraform state rm Command
The terraform state replace-provider Command
The terraform state pull Command
The terraform state push Command
Summary
Exam Readiness Drill – Chapter Review Questions
5
Terraform Modules
Technical Requirements
Why Do We Need Modules?
Complexity
Duplication of Code
Segregation
Misconfiguration
What Is a Terraform Module?
Advantages of Modules
Reduces Complexity
Reduces Code Duplication
Segregation
Reduces Misconfigurations
Self-Service
Types of Modules
The Root Module
The Child Module
Local Modules
Remote Modules
Module Structure
The Module Block’s Syntax
Key Points to Consider When You Create a Module
Key Points to Consider While Using a Module
Drawbacks of Modules
Summary
Exam Readiness Drill – Chapter Review Questions
6
Terraform Backends and Resource Management
What Are Backends?
Backend Configuration
Configuring the backend {} Block
Partial Configuration
Supported Backends
local
remote
s3
http
pg
Kubernetes
Consul
azurerm
cos
gcs
oss
Resource Addressing and Dependencies
Resource Addressing
Resource Dependencies
Expressions and Constraints
Data Types
Operators
Conditional Expressions
for Expressions
splat Expressions
Type Constraints
Version Constraints
Summary
Exam Readiness Drill – Chapter Review Questions
7
Debugging and Troubleshooting Terraform
Configuration Errors
override.tf File-Related Issues
terraform validate
Variable-Related Issues
Type Constraint
Input Validation
Variable Precedence
State-Related Issues
Configuration Drift
State Conflict
Migrating the State from One Backend to Another
Core and Provider-Related Issues
Module-Related Issues
Missing Features
Output-Related Issues
Unsupported Argument
Version-Related Issues
Taking Help from the Forum
Bug Reporting
Gotchas
Avoid Lists Where Possible
Using -target in Terraform Runs
General Tips
Summary
Exam Readiness Drill – Chapter Review Questions
8
Terraform Functions
Technical Requirements
Function Syntax
Numeric Functions
The abs() Function
The ceil() Function
The floor() Function
The max() Function
The min() Function
The pow() Function
The log() Function
The signum() Function
The parseint() Function
String Functions
The split() Function
The join() Function
The endswith() Function
The startswith() Function
The chomp() Function
The substr() Function
The strrev() Function
The lower() Function
The upper() Function
The trim() Function
The trimprefix() and trimsuffix() Functions
The trimspace() Function
The indent() Function
The replace() Function
The strcontains() Function
The title() Function
The format() Function
The formatlist() Function
The regex() Function
The regexall() Function
Date and Time Functions
The timestamp() Function
The formatdate() Function
The plantimestamp() Function
The timeadd() Function
The timecmp() Function
Collection Functions
The alltrue() Function
The anytrue() Function
The chunklist() Function
The coalesce() and coalescelist() Functions
The compact() Function
The concat() Function
The contains() Function
The distinct() Function
The element() Function
The flatten() Function
The keys() and values() Functions
The index() Function
The length() Function
The lookup() Function
The matchkeys() Function
The merge() Function
The one() Function
The range() Function
The reverse() Function
Set Functions
The slice() Function
The sort() Function
The sum() Function
The transpose() Function
The zipmap() Function
Type Conversion Functions
The can() Function
The sensitive() and nonsensitive() Functions
The try() Function
The type() Function
Conversion Functions
Filesystem Functions
The abspath() Function
The dirname() and basename() Functions
The pathexpand() Function
The file() and filebase64() Functions
The fileexists() Function
The fileset() Function
The templatefile() Function
IP Network Functions
The cidrhost() Function
The cidrnetmask() Function
The cidrsubnet() Function
The cidrsubnets() Function
Encoding Functions
The base64encode() and base64decode() Functions
The base64gzip() Function
The csvdecode() Function
The jsonencode() and jsondecode() Functions
The textencodebase64() Function
The textdecodebase64() Function
The urlencode() Function
The yamlencode() and yamldecode() Functions
Hash and Crypto Functions
The uuid() Function
The uuidv5() Function
Summary
Exam Readiness Drill – Chapter Review Questions
9
Understanding HCP Terraform’s Capabilities
Terraform Editions
Shortcomings of Terraform Community Edition
HCP Terraform Features
Remote State Management
Multiple Workflows
Multiple Execution Modes
Version Control System Integration
Private Registry
Notifications
Run Tasks
Role-Based Access Control
Policy Enforcement
Cost Estimation
HCP Terraform Pricing
Key Concepts of HCP Terraform
Workspaces
Projects
Users
Teams
Permissions
Organizations
Locking Workspaces
Sentinel Policies
Explorer
HCP Terraform Sign-Up
Creating an Account with HCP Terraform
Creating an Account with HCP
Exercises on Workflows and Execution Modes
Remote Execution Mode Using the CLI-Driven Workflow
Local Execution Mode Using the CLI-Driven Workflow
Remote Execution Mode Using the VCS/UI Workflow
Creating a Public GitHub Repository and Adding Configuration Files
Integrating the VCS Repository with HCP Terraform
Testing the VCS/UI Workflow in HCP Terraform
Cost Estimation Feature
Migrating to HCP Terraform or Terraform Enterprise
Terraform Enterprise Features
Summary
Exam Readiness Drill – Chapter Review Questions
10
Miscellaneous Topics
Technical Requirements
Input Validations
Preconditions and Postconditions
The check {} block
Workspaces
The dynamic {} block
Provisioners
The file provisioner
The local-exec provisioner
The remote-exec provisioner
Handling Sensitive Data
AWS Access Keys or Admin Credentials
Variables
Output Values
Next Steps
Summary
Exam Readiness Drill – Chapter Review Questions
11
Accessing the Online Practice Resources
Other Books You May Enjoy
Download a Free PDF Copy of This Book
Thanks for purchasing this book!
Do you like to read on the go but are unable to carry your print books everywhere?
Is your eBook purchase not compatible with the device of your choice?
Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.
Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.
The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily.
Follow these simple steps to get the benefits:
Scan the QR code or visit the link below:https://packt.link/free-ebook/9781804618844
Submit your proof of purchase.That’s it! We’ll send your free PDF and other benefits to your email directly.1
Introduction to Infrastructure as Code (IaC) and Concepts
In the ever-evolving era of technology, the software applications being built are expected to be scalable in nature at the very minimum. The term scalability means the ability of an application or system to always match the growing needs of its user base and handle the increase in the number of users without any problems. This is applicable to all types of applications, including web applications, backend microservices, and internal apps. Such scalable apps are well suited for deployment in the cloud rather than on-premises because of the dynamic resource needs and because automating the scaling process (both scaling up and scaling down) will reap greater benefits. This is exactly where Infrastructure as Code (IaC) adds value.
In this chapter, you will explore IaC in detail and the various aspects of this framework through the following topics:
What is IaC?Basic concepts of IaCIaC tools on the marketIaC use casesBenefits of IaCBy the end of this chapter, you will have a firm understanding of IaC concepts, which will help you build your knowledge of the Terraform tool and focus on getting the HashiCorp Terraform Associate 003 certification in the subsequent chapters.
Making the Most Out of This Book – Your Certification and Beyond
This book and its accompanying online resources are designed to be a complete preparation tool for your AZ-204 Exam.
The book is written in a way that you can apply everything you’ve learned here even after your certification. The online practice resources that come with this book (Figure 1.1) are designed to improve your test-taking skills. They are loaded with timed mock exams, interactive flashcards, and exam tips to help you work on your exam readiness from now till your test day.
Before You Proceed
To learn how to access these resources, head over to Chapter 11, Accessing the Online Practice Resources, at the end of the book.
Figure 1.1 – Dashboard interface of the online practice resources
Here are some tips on how to make the most out of this book so that you can clear your certification and retain your knowledge beyond your exam:
Read each section thoroughly.Make ample notes: You can use your favorite online note-taking tool or use a physical notebook. The free online resources also give you access to an online version of this book. Click the BACK TO THE BOOK link from the Dashboard to access the book in Packt Reader. You can highlight specific sections of the book there.Chapter Review Questions: At the end of this chapter, you’ll find a link to review questions for this chapter. These are designed to test your knowledge of the chapter. Aim to score at least 75% before moving on to the next chapter. You’ll find detailed instructions on how to make the most of these questions at the end of this chapter in the Exam Readiness Drill - Chapter Review Questions section. That way, you’re improving your exam-taking skills after each chapter, rather than at the end.Flashcards: After you’ve gone through the book and scored 75% more in each of the chapter review questions, start reviewing the online flashcards. They will help you memorize key concepts.Mock Exams: Solve the mock exams that come with the book till your exam day. If you get some answers wrong, go back to the book and revisit the concepts you’re weak in.Exam Tips: Review these from time to time to improve your exam readiness even further.This chapter covers the following main topics:
The benefits of cloud computingCloud deployment modelsCloud service modelsThe core concepts of AzureTechnical Requirements
This is an introductory chapter on IaC that covers aspects such as use cases, different tools, and benefits that require no prior experience. However, basic knowledge of code development practices, public and private clouds, automation, DevOps, containers, and virtualization will help you understand the chapter better.
There are a couple of exercises at the end of this chapter to help you get a feel for using IaC tools. To complete them, you need the following:
Amazon Web Services (AWS) account ID with administrator accessAWS CLI version 2.x.xTerraform CLI version 1.5.x or laterVisual Studio Code or any text editorThe GitHub repository for the chapter contains the graphics and sample scripts used in the chapter and can be found here:
https://github.com/PacktPublishing/Hashicorp-Certified-Terraform-Associate-003-Exam-guide-Second-Edition/tree/main/ch1
What Is IaC?
In simple terms, IaC is the process of managing and provisioning an infrastructure through code instead of manual processes. In software engineering, you usually come across code development in programming languages such as Java, Python, and so many others that follow the Software Development Life Cycle (SDLC) process and then store them in a version-controlled source management tool such as GitHub or Bitbucket when they’re ready. They are then deployed in the appropriate infrastructure where needed, either manually or with the help of an automated CI/CD pipeline.
The concept of IaC revolves around similar practices, such as creating a set of configuration scripts that will exactly provide the same infrastructure every time when executed and are also version controlled and properly tested.
IaC tools help us define the infrastructure in human-readable configuration files that can be applied multiple times, and they provide the same infrastructure every time without any changes from the desired state.
Figure 1.1 shows the IaC workflow and how it can transform the configuration scripts or files into real-world infrastructure components.
Figure 1.2 – IaC workflow
Scenario
“Company X wants to build a next-generation e-commerce web application that will be used by millions of its customers. The solution will have multiple microservices working with different architectures and will be deployed in a cloud that needs to run 24x7 for 365 days a year.”
There are two ways to provide the infrastructure needed to run this application:
Traditional approachIaC-based approachIn the traditional approach, there are clear segregations of responsibilities among the different teams involved, such as application development teams for app development, infrastructure teams for provisioning the resources to deploy the application, and operations teams to support the solution in production.
Once the entire solution has been developed and is ready for production, the development team will get in touch with the infrastructure team and share the requirements to run the application, usually with the ticketing mechanism. Then the infrastructure team will have a dedicated person/team to work on the task and make necessary planning for the deployment.
The planning process will involve procuring the dependent software and the required licenses and installing them on the server where the app will be running. The team will also spend time creating the scripts that need to be run manually before the deployment to get the environment ready.
The operations team will work on the monitoring part of the web application and come up with approaches such as health checks and mail notifications when there are any issues to support the deployment. There will be situations where the incoming traffic will increase rapidly, which requires scaling, and they might need to contact the infrastructure team to deploy multiple instances to serve the traffic, and the manual process will repeat once again. If there are any manual errors in this approach, that will delay the deployment of additional instances, which will affect the business.
As you can see, there are different bottlenecks in the overall execution and the temporary delays will have a bigger impact, and that is where the IaC approach will add real value.
In the IaC approach, based on DevOps principles, the application development team will also be responsible for the infrastructure provisioning, and they might support the application in production.
Once the application is ready to be deployed, the team focuses on creating the configuration scripts that will provision the required infrastructure on the cloud or on-premises setup. The team would be comfortable with going with the cloud-based deployment to make use of fully managed services and the pay-as-you-go model to avoid upfront costs.
