GitOps with Terraform, Amazon Web Services(AWS), and Space Lift

Hey Guys, Today we are going to learn, how to automate the Amazon Web Services(AWS) Infrastructure, using Terraform and space lift. After this blog, you will have hands-on command on Amazon Web Services, Terraform, Git, GitHub, and space lift. Before we get started, make sure you have VS Code installed and also have access to these platforms including GitHub and space lift. Once you're done, please come back and join me for the rest of the blog.

Creating GitHub Repository

To create a GitHub Repository, go to your GitHub account, from the top right click on the “+” button, and then click on Create New Repository. Afterward, give your repository a name, and description, make it private and then click on create button.

Connecting GitHub & Space lift

Connecting GitHub & Space lift is very easy, please follow the space lift blog, to get started.

Setting up AWS User

First, we need to set up a new user, with permissions required. For this, you need to log in to your root account or have an account you have access to administrator permissions, so you can easily create a new user. Once you create the user, save the AWS Access key, and AWS Secret key, because we will use them later.

Setting Up Project

Once the AWS User is created and necessary permissions are assigned to the user, now you can set up the project by installing Git, VS Code, AWS CLI, and terraform concerning your operating systems. After installing VS Code, you can also install Terraform, and AWS Toolkit extensions. To Configure your AWS User on AWS CLI, use the following command

aws configure aws configure --profile=gitops    //to handle multiple accounts

To Configure Git on your local system, you can use the following commands

git config --global user.name"Your name"git config --global user.email "your email"

if you want to explore more about the Git, you can check out my following blog https://dev.to/adilshehzad786/all-about-git-github-beginner-to-advance-1061

Pushing code to GitHub Repository

So, I created a very simple terraform code, which will create an EC2 on your AWS console using terraform, as for beginners, I want to make things simple, you will find the code here. These are the commands through which you can push your code to the GitHub repository, I am not going into more details, but here is the GitHub Repository Link

git init    // to the initialized git repository git add. git commit -m "Initial commit"git branch -M maingit remote add origin https://github.com/adilshehzad786/GitOps-Terraform-Spacelift.gitgit push -u origin main

Creating Stack on Space Lift

After pushing code to the GitHub Repository, now we need to create a stack on the space lift, for this go to your space lift account and click on Add stack button.

Once we create a new stack but configure the GitHub repository, now we need to add our AWS Credentials to the Environments.

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

Once you configure your environment, now you can trigger your task manually, or whenever you push your changes to your repository on the main branch, spacelift will detect and auto-start the built.

So, once the trigger starts. it automatically initialized the terraform, terraform plan for you, after confirmation, it will apply your plan on Amazon Web Services(AWS) as we only plan for the EC2, let’s see, if our EC2 is related or not.

You can verify from your AWS Console or also from the spacelift resource option whether our resources are created or not.

From Resources, you can get a graphic representation :

Use case using Spacelift

https://twitter.com/ryandcartwright

In, Infrastructure as Code(IaC) we usually use AWS Cloudformation, Terraform, and Pulumi. let’s suppose that you are using Terraform for your Infrastructure provisioning, for this, you can create a Terraform stack, one for the Development, one for Staging, and one for the productions, and the code changes can be detected using branches, lets say you have productions code on master, staging code on staging branch and for development, you are using dev branch then it can be deployed to the environment.

Open Policy Agent

Policies are very helpful, so you can restrict developers and testers to a specific task. For Example, if we have a policy of using a t2.micro instance, then the developer cannot have permission to modify it. For more information about policies check out the spacelift blog.

Mostly open policies are designed using Rego. https://www.openpolicyagent.org/docs/latest/policy-language/

Terraform Destroy

After finishing your lab, now you can destroy your resources to save yourself from the cost, for this go to your stack and then go to the tasks, and then use the following command

terraform destroy -auto-approve

Conclusions

This is a very quick blog to get started with GitOps, Terraform, and AWS using Version Controlling system Git & GitHub. You can explore more on Terraform, GitHub, Spacelift, and Amazon Web Services.

Feel free to connect with me on Linkedin:https://www.linkedin.com/in/adilshehzad7/

--

--

--

DevOps Engineer - Author

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Redis — How does PubSub Message Work

Join the Hexagon Bug Hunt!

Hacking into Windows via EternalBlue

How to create a account and how to send secure mail in development env

Codeburst Top 10 Web Development Articles This Week — December 20th, 2017

Links and Posts: 2/4/19

AWS Console mobile app

Github: The must know list

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Adil Shehzad

Adil Shehzad

DevOps Engineer - Author

More from Medium

DevOps — Infrastructure Provisioning Automation using Terraform

The Best Books to Read for Kubernetes You Need to See (Newbies)

How to secure CI/CD Pipelines with DevSecOps?

Kaniko | Jenkins | Kubernetes | How To Build Docker Image Using Kaniko