GitOps with Terraform, Amazon Web Services (AWS), and Spacelift

Adil Shehzad
5 min read · Jun 10, 2022

Hey guys, today we are going to learn how to automate Amazon Web Services (AWS) infrastructure using Terraform and Spacelift. After this blog you will have hands-on experience with AWS, Terraform, Git, GitHub, and Spacelift. Before we get started, make sure you have VS Code installed and that you have accounts on GitHub, AWS, and Spacelift. Once you're done, come back and join me for the rest of the blog.

Creating GitHub Repository

To create a GitHub repository, go to your GitHub account, click the "+" button at the top right, and then click New repository. Give your repository a name and a description, make it private (it will hold your infrastructure code, which should not be public), and click the Create repository button.

Connecting GitHub & Spacelift

Connecting GitHub and Spacelift is very easy: follow the Spacelift blog on its GitHub integration, and grant Spacelift access to the repository you just created.

Setting up an AWS User

First, we need to set up a new IAM user with only the permissions Terraform needs (for this lab, that is the EC2 permissions). To create it, log in with an account that has administrator permissions; the root account works, but an IAM user or role with admin rights is better, and you should never use the root account's own keys for Terraform. Once the user is created, create an access key for it and save the AWS access key ID and AWS secret access key, because we will use them later in Spacelift. Treat them like a password: do not paste them into the code you are about to commit.

Setting Up the Project

Once the AWS user is created and the necessary permissions are assigned to it, set up the project by installing Git, VS Code, the AWS CLI, and Terraform for your operating system. In VS Code you can also install the Terraform and AWS Toolkit extensions. To configure the new AWS user in the AWS CLI, use one of the following commands:

aws configure
aws configure --profile=gitops    # use a named profile to handle multiple accounts

To configure Git on your local system, use the following commands:

git config --global user.name "Your name"
git config --global user.email "your email"

If you want to explore Git in more depth, check out my blog on it: https://dev.to/adilshehzad786/all-about-git-github-beginner-to-advance-1061

Pushing code to the GitHub Repository

So, I created a very simple Terraform configuration that creates one EC2 instance in your AWS account. To keep things simple for beginners, that is all it does; you will find the code in the GitHub repository linked below. These are the commands to push the code to your GitHub repository (replace the remote URL with your own repository's). I am not going into more detail on them here. Before you commit, make sure the .terraform/ directory and any terraform.tfstate files are in .gitignore: state files can contain secrets and must not end up in the repository.

git init    # initialize the git repository
git add .
git commit -m "Initial commit"
git branch -M main
git remote add origin https://github.com/adilshehzad786/GitOps-Terraform-Spacelift.git
git push -u origin main

Creating a Stack on Spacelift

After pushing the code to the GitHub repository, we need to create a stack on Spacelift. Go to your Spacelift account and click the Add stack button.

Once the new stack is created and pointed at the GitHub repository, we need to add our AWS credentials to the stack's environment as these two variables:

AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

Mark AWS_SECRET_ACCESS_KEY as a secret so that it is write-only and masked in run logs. Note that storing long-lived access keys this way is the simplest option, not the safest one: Spacelift can also assume an IAM role in your account through its AWS integration, so no static keys need to be stored at all.

Once the environment is configured, you can trigger a run manually, or push changes to the main branch of your repository: Spacelift detects the push and starts a run automatically.

Once the run starts, Spacelift runs terraform init and terraform plan for you; after you confirm the plan, it applies it to AWS. Since our code only defines an EC2 instance, let's see whether the instance was created.

You can verify whether the resource was created from the AWS console or from the Resources option of the stack in Spacelift.

From Resources you also get a graphical representation:

Use case using Spacelift

https://twitter.com/ryandcartwright

In Infrastructure as Code (IaC) we usually use AWS CloudFormation, Terraform, or Pulumi. Suppose you are using Terraform for infrastructure provisioning. You can create one Terraform stack per environment: one for development, one for staging, and one for production, and map each stack to its own branch, say production code on master, staging code on the staging branch, and development code on the dev branch. A push to a branch is then detected by the stack that tracks it and deployed to the matching environment.

Open Policy Agent

Policies are very helpful for restricting what developers and testers can do. For example, if we have a policy that only t2.micro instances may be used, a developer can still edit the Terraform code, but a plan that asks for any other instance type will be denied and never applied. For more information about policies, check out the Spacelift blog.

Spacelift policies are written in Rego, the Open Policy Agent policy language: https://www.openpolicyagent.org/docs/latest/policy-language/
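Here is the t2.micro rule from the paragraph above written out as a Spacelift plan policy. This is an added example, not the author's policy or a file from the repository. It assumes the input layout Spacelift gives plan policies: input.terraform is the plan as produced by `terraform show -json`, so each entry of input.terraform.resource_changes has .type, .address, and a .change object with .actions and .after. The allow-list and the message text are my choices.

```rego
package spacelift

# Added example of a Spacelift plan policy (not the author's code).
# Assumed input layout: input.terraform is the plan as produced by
# `terraform show -json`, so every entry of input.terraform.resource_changes
# has .type, .address and .change with .actions and .after.

# The only instance type developers are allowed to request.
allowed_instance_types := {"t2.micro"}

# Deny the run for every aws_instance that is being created or updated
# with an instance type outside the allow-list. One message per offending
# resource, so the developer sees exactly which address to fix.
deny[msg] {
    rc := input.terraform.resource_changes[_]
    rc.type == "aws_instance"
    not being_deleted(rc)
    instance_type := rc.change.after.instance_type
    not allowed_instance_types[instance_type]
    msg := sprintf("%s: instance_type %q is not allowed; use one of %v",
                   [rc.address, instance_type, allowed_instance_types])
}

# A pure delete has no "after" state, so there is nothing to check.
being_deleted(rc) {
    rc.change.actions == ["delete"]
}
```

Attach the policy to the stack as a plan policy; any run whose plan produces a non-empty deny set is blocked before apply. You can test it offline with the OPA CLI against a saved plan: save `terraform show -json tfplan` as plan.json, wrap it as `{"terraform": <plan.json contents>}` in input.json, and run `opa eval -d policy.rego -i input.json "data.spacelift.deny"`; the result should be empty for a t2.micro instance and contain one message per other instance type. If your OPA version enforces the Rego v1 syntax, write the rules as `deny contains msg if { ... }` and `being_deleted(rc) if { ... }`.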

Terraform Destroy

After finishing the lab, destroy your resources so you don't keep paying for them. Go to your stack, open Tasks, and run the following command. Note that -auto-approve skips the confirmation prompt, so double-check that you are on the right stack before running it:

terraform destroy -auto-approve

Conclusions

This is a very quick blog to get started with GitOps, Terraform, and AWS using the version control system Git and GitHub. You can explore more on Terraform, GitHub, Spacelift, and Amazon Web Services.

Feel free to connect with me on LinkedIn: https://www.linkedin.com/in/adilshehzad7/
