DevOps Classroom Series – 17/Oct/2020

Terraform Remote Backends

  • For backend official docs Refer Here
  • For our architecture with terraform template Refer Here
  • Let's remove the local state and move to a remote backend
  • For this, consider two DevOps engineers from Annie's team who want to work in parallel on terraform to provision infrastructure, but who don't want multiple environments
  • So let's create a remote backend for the infrastructure
  • Every remote backend should
    • Provide a space for storing the state file.
    • Prevent multiple engineers from creating one environment in parallel, i.e. it should support locking.
  • Let's look at the AWS-based remote backend, S3 (Simple Storage Service)
    • S3 can store the state but cannot support the locking feature.
    • To make locking possible in AWS we use one more service called DynamoDB
  • Let's create an S3 bucket and a DynamoDB table to store and lock the state respectively
    • S3 Bucket Creation
    • DynamoDB Creation
  • Now let's review the S3 backend type Refer Here
  • Now add the backend to the terraform template as shown in the changeset Refer Here
  • Execute the following command
terraform init


  • Now let's see what happens when another engineer also tries to apply. When two engineers on two different systems try to create infra at the same time, terraform gives access to only one user; the other gets an error
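
The S3 plus DynamoDB backend described above, written out as an added example (not the class changeset). Bucket, key, region and table names are constructed placeholders, and the bootstrap resources assume AWS provider v4 or later. Versioning and the public access block are additions, included because the state file stores resource attributes in plain text.

```hcl
# backend.tf (in the infrastructure template)
# All names below are constructed placeholders, not values from the class.
terraform {
  backend "s3" {
    bucket         = "example-team-tfstate"    # must exist before terraform init
    key            = "ntier/terraform.tfstate" # object path of the state file
    region         = "us-west-2"
    dynamodb_table = "example-tf-locks"        # table used for state locking
    encrypt        = true                      # server-side encrypt the state object
  }
}

# bootstrap/main.tf (separate configuration applied once with local state,
# as an alternative to creating the bucket and table in the console)
resource "aws_s3_bucket" "state" {
  bucket = "example-team-tfstate"
}

# Keep old state versions so a bad write can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# The state bucket should never be publicly readable.
resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "locks" {
  name         = "example-tf-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID" # the S3 backend requires this exact key name

  attribute {
    name = "LockID"
    type = "S"
  }
}
```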

AWS Manual ntier architecture Creation

  • Please refer to the classroom recording.
  • Steps (Partial):
    • Create VPC
    • Add Subnets
    • Create Internet gateway and attach to vpc
    • Create two Route tables
      • Public
        • Attach to web and management subnets
        • Create a route to internet gateway for
      • Private
        • Attach to app and db subnets
        • Create a route to internet gateway for (Not a good practice but we will remove this at the last after configuring completely)
    • Create an RDS DB instance with MySQL on the db and db2 subnet group
      • Create a db subnet group with db and db2 subnets
  • Let's try to update the terraform template to perform the above steps
    • We already have a terraform template which creates the VPC and subnets
    • So let's get started by creating the internet gateway. Refer Here for the changeset
    • Now let's add two route tables. For the changeset Refer Here
    • Now let's add route table associations. Refer Here for official docs
      • public route table with web, web2 and mgmt
      • rest of the subnets to the private route table
    • We will define a map variable and look it up using the lookup function Refer Here, and also use locals Refer Here
    • For changes Refer Here
    • Now let's create a db subnet group. Refer Here for AWS docs
    • Refer Here for the changes done.
