Implementing Infrastructure as Code with Terraform | AWS Cloud Resume Challenge - Part 6

00:00

welcome to part six of the AWS Cloud

00:03

resume challenge this is your host

00:04

Richard and you know I've been doing

00:06

this challenge for a while now but we

00:09

have covered a lot of topics in the

00:11

previous five parts so we have set up

00:14

cicd for our S3 which is the front end

00:17

we created an S3 bucket with cloudfront

00:20

which hosts our website we created a

00:22

dynamodb table and also a Lambda

00:25

function in Python that gets a severe

00:28

count from our dynamodb table and

00:30

displays it on our website so I hope

00:32

you're enjoying this series today I'm

00:34

gonna cover some really interesting

00:36

topic which is one of the main concepts

00:38

of devops known as IC which stands for

00:41

infrastructure as code and as I did a

00:44

poll few weeks ago on what should I

00:46

choose as the tool you know terraform or

00:49

cloud formation a lot of you said

00:50

terraform so we'll be trying out some

00:53

terraform today

00:54

coming up to the cloud resume challenge

00:57

website so this is the part that we'll

01:00

be covering which means we are almost

01:03

done with this challenge you should have

01:05

a working project by now with that being

01:08

said let's Dive Right into writing some

01:11

terraform

01:21

so in your provider.tf

01:24

you can either have the profile so if

01:27

you have set up AWS CLI with profiles

01:30

you can list that profile here if you

01:33

don't know I'll leave it linked down

01:34

below and you can read more about how to

01:36

set up adobe CLI profile if not you will

01:40

have to set up the access key and the

01:42

secret key for your IM user that has

01:44

access to deploy the resources that

01:46

we'll be deploying today so it's either

01:49

this or your profile

01:51

so now the main.tf comes into play so

01:56

this is where all of the main

01:58

infrastructure code will go so in our

02:00

case I'm going to start with the Lambda

02:03

function and I also would you like to

02:06

remind that we used Lambda function URLs

02:09

which is now an available resource in

02:13

the AWS terraform provider but before we

02:16

can get started with the URL we first

02:19

need a Lambda function so let's create a

02:22

Lambda function called my function or

02:25

I'll make it short for my func

02:30

and now we'll also create a im rule for

02:34

our Lambda function

02:36

and the way we upload our Lambda

02:39

function through terraform is by using a

02:42

zip file so I'll add the code to do that

02:45

here now

02:46

so now what we have to do as you can see

02:49

as per the instructions that I mentioned

02:51

here I need a Lambda directory and

02:55

inside that Lambda directory we'll be

02:57

using a file called func Dot py

03:04

and this func.py will basically contain

03:08

our python code that we wrote in the

03:11

console for a Lambda function so just to

03:14

remind you this is how our Lambda

03:16

function looked like in the AWS console

03:18

what I'm going to do is just copy this

03:20

python code and paste it in our func.py

03:24

file here and don't get confused by the

03:27

names you can name whatever you want

03:29

your Lambda function to be which in my

03:32

case is my func or even the func.py file

03:36

just make sure to reference them in our

03:39

terraform files accordingly so I'm just

03:41

gonna do Ctrl s and coming back to the

03:45

main.tf everything looks good so now let

03:48

me show you how it would look like if it

03:50

did deploy this infrastructure using

03:53

terraform so what I'm going to do is

03:55

going to provider.tf since I don't want

03:57

to set up access key or secret key I do

04:00

have a profile set up on my local

04:02

machine here which is called default I

04:05

believe so if I click controller s and

04:07

open up my terminal here we have to go

04:10

into the infra directory right and now

04:13

here we will do a terraform in it which

04:16

will initialize the terraform directory

04:20

that we have so it launches so it

04:22

creates a bunch of files like terraform

04:26

lock and also the state files which

04:28

remembers what the state of our

04:31

infrastructure is and you will

04:33

understand more as I go through this

04:35

demo here so let's do terraform plan

04:38

which will show us what do we plan on

04:42

deploying to our AWS infrastructure and

04:45

as you can see plan says two to add one

04:48

of them being the Lambda function and

04:51

then the I am rule that we have so let's

04:55

do

04:56

terraform apply enter yes

05:00

it'll start creating the Lambda function

05:03

for us so we'll give it a minute to do

05:06

that

05:08

okay so the apply has been completed and

05:10

you can see two resources were added as

05:13

per our terminal the region was a

05:16

central so let's go look at our AWS

05:18

console to see if the Lambda function

05:21

was deployed so you can see my func was

05:24

deployed 34 seconds ago and if you click

05:27

on that you will see that the code has

05:30

been pushed right as we wanted it to be

05:33

the only thing is it won't have a

05:37

function URL because we didn't configure

05:39

it in our terraform file so let's go

05:42

back and do that because we needed the

05:45

URL to trigger our Lambda function right

05:48

because that's how we get the viewer

05:50

count from dynamodb okay so coming back

05:53

to our main.tf we need to add a chunk of

05:57

code here to deploy function URL and the

06:01

way you do that is by using a resource

06:04

called AWS underscore Lambda underscore

06:06

URL

06:08

so this is the resource remember I have

06:11

set the authorization Type To None So

06:14

that the URL is publicly accessible but

06:17

you can set up calls so that the

06:20

function can only be called from your

06:22

own resume website so in allow regions

06:25

make sure you have your own website's

06:28

domain so I'll do Ctrl s which would

06:31

save domain.tf and open the terminal

06:34

again here and let's do terraform plan

06:37

again this is where these State Files

06:40

come into play so as you can see it

06:42

plans on adding one other resource now

06:44

which is our Lambda function URL so this

06:48

is how it identifies that oh if I'm

06:51

changing the infrastructure because

06:53

remember our main.tf has all three

06:55

resources right the Lambda function the

06:57

IM Rule and the Lambda function URL but

07:01

instead it only said want to add because

07:03

it checked in the state file that the

07:06

other two resources are already deployed

07:09

so I hope you understand the concept of

07:12

the state file here

07:13

so we'll do terraform apply and like

07:16

last time we'll enter yes

07:18

and there we go the apply was complete

07:21

let's go back to our Lambda function

07:23

here and let's do a quick refresh we'll

07:27

see that it was the last modified 15

07:29

seconds ago and if you look at

07:31

configuration you can see we have a

07:33

function URL

07:35

so if we click on that I want you to

07:38

guess in the comments what would happen

07:39

I think that we should get a viewer

07:41

count but we forgot one crucial step

07:45

internal server error so the reason we

07:48

get an internal server error is because

07:50

the Lambda function that we set up it

07:53

has an IEM rule remember in our main.tf

07:57

and in that policy statement we didn't

08:00

include dynamodbe and our Lambda

08:04

function does need access to dynamodb in

08:07

order to get and update the account so

08:10

let's change this policy okay so let's

08:13

create another IM role policy that we

08:17

will attach to our IAM rule so coming

08:21

down here and I'm just also going to

08:24

link the AWS documentation that you will

08:28

find handy when you're creating this

08:30

policy so I'm just going to quickly type

08:32

it down

08:35

okay so I have my I am policy here as

08:39

you can see AWS I'm policy and I've just

08:42

named it I am policy for a resume

08:44

project and you can change this right

08:46

and if you look at the policy it is

08:49

allowing the action here called update

08:51

item and get item for dynamodb

08:54

and let's make sure the intent is nice

08:57

the resource make sure you update this

09:00

to your table name so in my case the

09:02

table name is resume Dash challenge as

09:05

you can see in the python function here

09:07

so whatever your dynamodb table name is

09:10

make sure it's you know pointing to that

09:12

if I click Ctrl s that will save our

09:15

main.tf file

09:16

and now the last thing to do is attach

09:20

this policy to our IM rule which we can

09:23

do here at the bottom so if I do

09:27

resource AWS IM role policy attachment

09:30

so you can find more information on this

09:33

resource on the AWS provider for

09:35

terraform and I am attaching the rule

09:39

that we created called IAM for Lambda to

09:43

the policy that we created called IM

09:44

policy for a resume project so let's do

09:47

that

09:51

and then the policy is

09:55

there we go so we have our that resource

09:59

ready so if we do Ctrl s and open my

10:02

terminal here

10:04

let's do terraform plan

10:07

so we have some syntax error on line 61

10:11

which is right here so I forgot

10:15

to put dot name at the end so we'll do a

10:18

control s again and do terraform plan

10:21

again to see if everything looks good so

10:24

yes there are two changes or two things

10:27

that need to be added so we'll do

10:28

terraform apply and I'll ask for a yes

10:33

or no we'll go with Yes again and there

10:35

we go two resources were added so now if

10:39

I go to my functions here click on my

10:42

func and we know that it already had the

10:45

role name as I am for Lambda as we

10:48

described in our main.tf so if we look

10:50

at the permission you can see that there

10:52

is a policy attached now right and if I

10:55

open that up and you can see it has

10:57

dynamodb read and write the table name

11:00

is resume Dash challenge

11:02

so now if we click on this URL and I

11:06

hope we get the viewer account and you

11:08

can see we are getting 29388 which is my

11:13

Tano DB tables value right now so we

11:16

finally have our function working again

11:19

in this video we build terraform files

11:22

to deploy Lambda function so this is the

11:26

python function that got deployed right

11:29

from our code editor and we can set up

11:32

GitHub action for you know further

11:34

deployments of this terraform so let's

11:38

say we change you know something in our

11:40

policy or if we go to Lambda and we

11:43

changed our function dot pi to do

11:46

something different we can have a GitHub

11:48

action workflow that will deploy the

11:50

changes automatically

11:52

so just to wrap it up we have main.tf we

11:55

have provider.tf and we have function.pi

11:58

which is our Lambda function in Python

12:01

and all of this is available under the

12:04

infra directory on my GitHub repo so you

12:07

can check it out I would also recommend

12:09

adding a git dot ignore to your info

12:12

folder to make sure you don't commit you

12:15

know your credentials and stuff so in

12:17

order to take this challenge folder what

12:19

you can do is create write terraform

12:21

code for creating dynamodb table

12:24

terraform code for your S3 bucket so

12:27

like all of the infrastructure bits that

12:29

we created you know dynamodb Lambda and

12:32

S3 are created by terraform and you can

12:35

use palumi or cloud formation to do your

12:38

ioc so for the next part comment down

12:42

below but what I was thinking is have

12:44

the CI CD pod set up for the backend

12:46

which means the GitHub action that I was

12:48

talking about which would deploy any of

12:50

the changes we do to our main main.tf or

12:53

any of the terraform files and also

12:55

include some testing so I remember we

12:59

left out testing so maybe we set up some

13:01

tests for our python code so you know

13:03

the Lambda function and we do some mock

13:06

tests for how the dynamodb gets called

13:09

and like some mock responses that we can

13:11

do so let me know if you're interested

13:13

in that but I feel pretty good about

13:15

this Challenge and as I said you can

13:17

take it a step further by creating

13:19

terraform files for your dynamodb and S3

13:21

and cloudfront I hope you're liking this

13:24

series if you are please make sure you

13:26

like and are subscribed to the channel

13:28

to stay up to date I have some more

13:30

projects coming down the line and make

13:32

sure you comment down if you found any

13:35

issues because there are always some

13:37

weird I am issues that I leave out and

13:40

then I try to cover them in the next

13:42

video so yeah I'll see you in the next

13:44

one peace