hear me? Hey guys, the back. All right, all right. Okay. I didn't have much time to prepare, but when Steve told me to do a presentation today, it was just in time, because I needed to do some Terraform stuff this morning. So I'm going to be talking about two things: why am I using Terraform, and what I've learned. As you all know, I work for Trend Micro, a security company. We're an Advanced Partner of AWS and I'm a solution architect there, so I work only on AWS platforms. I need to build demos. I need to build demos for events, I need to emulate the entire Trend Micro product line on AWS, and I need to build hands-on labs for customers. This morning, no kidding, just this morning, we had an event that basically did an emulation of our attack simulation. Every participant has their own VPC and their own set of instances, and they basically try our products on, and then they launch an attack afterwards, and whoever gets the fewest hacked servers wins the prize. So basically that's what we did in 30 minutes: you have to protect a very vulnerable machine in 30 minutes. That was the story. Not four, not five, not six, but 50 participants this morning. So when you use Terraform, building for one project, a second project, a third project is okay. But what if you need to build 50 different setups, 50 different Terraform stacks? How does it work? I'm not an expert in Terraform. I don't work for HashiCorp. This is just what I've learned. So instead of going through it one by one, I'll just tell you what I've learned. Modules do not have a count. If you know count, it's a way of multiplying things. For example, I want to build 50 instances; I'll just put count 50. But I build everything on modules. So I'll show you my setup. Can you see? Can you see at the back now? Clear. Kind of clear. All right. So this is my Terraform folder. What I do is I have different projects. 
So I've got Barb, Billy, El, Dart, Dustin, Ego, El. These are all Stranger Things characters. That's the name of my project; I name all my projects after Stranger Things characters. And then I have modules. I have modules where, for example, I need to create a Jenkins module. So for every project, I can just go to, for example, I've got a Billy project, no, not this one, that's not a good example. I've got a Barb project, and then I get to say I need an email server, I have a DDAN server, I have an endpoint server, I need a bastion host, I need the victim, I need an attack machine, I need the manager, I need DNS. And the first one I do is the VPC. My VPC is pretty well defined. It contains stuff like flow logs and so on, because I also teach AWS security to people. Now, if I need to create 50, for example, 50 servers, what I can do is just, for example, here, I have my Linux server, and I can just put a count of 50. But that doesn't work on modules. So when I go to modules, modules are basically, to give you a perspective, modules are basically how you replicate each individual Terraform mini-stack, so to say. So I cannot put a count here. I cannot do a count here. It won't work. So you know what I did? Because I only had basically half a day to replicate my setup to 50, I did it the best way possible: I copy-pasted everything. 01, 02, 03, 04. I could have done better. I could have used Jenkins and I could have set up a Docker-based setup to multiply it by 50 and make 50 individual copies. But I simply didn't have time. I only had three hours to get it done. So I just did the best thing ever: just do a copy. So I have my first 10, and then I just put the rest, the remaining 40 items. It's very, very painful to set up and to run, because it will take you one hour to create this entire stack. In Terraform terms, that's super frigging slow. 
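The reason for the copy-pasted 01 to 50 directories is that a `module` block could not take `count` before Terraform 0.13; from 0.13 on, `count` and `for_each` are accepted on module blocks, so one root configuration can stamp out N isolated participant labs. The following is an added example, not the speaker's code or how the talk's directories were built; the module path `./modules/lab`, its input and output names, and the `admin_cidr` variable are assumptions.

```hcl
# Added example: one isolated lab per participant from a single module block.
# Requires Terraform >= 0.13 (module count/for_each). The module path and its
# input/output names are assumed for illustration.

terraform {
  required_version = ">= 0.13"
}

variable "participant_count" {
  description = "Number of isolated lab environments to build"
  type        = number
  default     = 50
}

variable "admin_cidr" {
  description = "Only this network may reach the bastion hosts (assumed event network)"
  type        = string
  default     = "203.0.113.0/24" # TEST-NET-3 documentation range, placeholder
}

# Each participant gets a separate VPC with its own /16, so a server that gets
# hacked in one lab cannot be used to pivot into a neighbour's lab.
module "lab" {
  source = "./modules/lab"
  count  = var.participant_count

  name        = format("lab-%02d", count.index + 1)
  environment = "event"
  vpc_cidr    = cidrsubnet("10.0.0.0/8", 8, count.index + 1) # 10.1.0.0/16, 10.2.0.0/16, ...
  admin_cidr  = var.admin_cidr
}

# With count, module.lab is a list of module instances; splat over it.
output "bastion_public_ips" {
  value = module.lab[*].bastion_public_ip
}

# Hand each participant only their own lab's addresses.
output "labs" {
  value = {
    for i, lab in module.lab :
    format("lab-%02d", i + 1) => {
      bastion = lab.bastion_public_ip
      victim  = lab.victim_private_ip
    }
  }
}
```

Compare this with putting `count = 50` on the instance inside the module: that gives one lab with 50 identical victims sharing a VPC, not 50 isolated labs. After apply, `terraform state list` shows `module.lab[0]` through `module.lab[49]`, and `terraform destroy -target='module.lab[7]'` tears down one participant's lab without touching the others.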
When we build stuff in Terraform, we count on about one minute to build an entire stack. But this one took one hour because I had to multiply everything by 50. All right? Okay. Another thing I learned is you need to review your limits. There's a limit for VPCs. There's a limit for EC2 instances. There's even a limit for EBS volumes. A big mistake I made yesterday is I used magic: I used the magic of creating an instance, and it created magnetic EBS volumes. But I had asked AWS for a limit increase on the SSD volumes. So I was scratching my head: what the hell did I do wrong? I realized that Terraform builds only magnetic instances. You have to specify on your instances that you want to use SSD. So what I did, after like two hours in chat with the AWS guy, hold on, what's that? Where is that? We realized that we have to change the volume type to gp2, which is the SSD. Yeah. Okay. Next. CloudFormation versus Terraform. So it's not really true. I used CloudFormation for five years. It's a love-hate relationship. When I moved to Terraform, it was also a love-hate relationship, because, you know, people say the grass is greener on the other side. Not true. There are merits in CloudFormation, because the state is stored by AWS. If anything happens, it will roll back the state for you. A lot of things that CloudFormation does, Terraform doesn't. Okay. And it's not just for infrastructure. It's not only for servers. Because I didn't have time to, you know, I really hate using the console with AWS. I've used AWS since 2009 and I just click, click, click. That's very tiring. So I also wrote run commands. I actually put in the run command. If you don't know run commands, basically, if you want to run a command on any instance on AWS, you use a run command to execute it. So basically, I have a run command on an instance that will attack another instance. 
So I have a Python script that will issue an attack on another instance. So you don't just use Terraform to create servers; you can also use it to upload documents, right? So don't despair on the EOF. If you're new to Terraform, basically, they allow you to insert stuff like user data. Now, the typical way of doing it is like this, with an EOF. So you'll do an EOF and then you'll insert a JSON document inside your template. This can be very, very dirty, because it's hard to edit. So what you can do is actually use a data function that can import a shell script. So I have a shell script here. If you look at my shell script, I can variable-ize everything, but I will edit it because the code looks at it as a shell script. Now, you might be wondering what my setup is, right? I always used to work like this. I have an ultrawide at home, so I always have three screens like this. It's just big now because we're doing a demo. And I always put my Terraform stuff here; I always put Terraform at the bottom. So when I'm working on the two windows there, I always have Terraform at the bottom. So, wrong spelling. When I hit terraform refresh, I can work here and then I can see the update there. Never store state locally. If you look at Terraform, it uses state management. Basically it's a state. By default it will store the state of your servers, of your infrastructure, locally. Try to use DynamoDB and S3. There's a combination where you do not have to save the state on your local machine, because if you hit Ctrl-C while you're doing an apply, when you're building the infrastructure, and you cancel it, it will break the state. Basically you break your infrastructure. You break your entire setup. And I've done it three times before. So don't be like me. All right. Now, if you're very certain, you know, the thing that takes the most time in building Terraform stacks is refresh. 
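The two tips in this passage, written out as an added example rather than the speaker's configuration: the bootstrap script stays a real shell file and is rendered with `templatefile()` (the Terraform 0.12+ replacement for a heredoc or the older `template_file` data source), and the state lives in S3 with a DynamoDB lock table instead of on the laptop. It also requests a gp2 root volume explicitly, which is the fix from the EBS-limit story above. The bucket, table, region, AMI, file and variable names are assumptions.

```hcl
# Added example: remote locked state + user_data rendered from a shell file.
# Bucket, table, region, AMI and variable names are placeholders.

terraform {
  required_version = ">= 0.12"

  # Backend settings cannot reference variables; they are literals by design.
  backend "s3" {
    bucket         = "example-tfstate-bucket"   # turn on bucket versioning
    key            = "labs/barb/terraform.tfstate"
    region         = "ap-southeast-1"
    encrypt        = true                       # server-side encryption of the state object
    dynamodb_table = "terraform-locks"          # table partition key must be "LockID" (string)
  }
}

variable "victim_ami"   { type = string }
variable "subnet_id"    { type = string }
variable "manager_host" { type = string }

resource "aws_instance" "victim" {
  ami           = var.victim_ami
  instance_type = "t3.small"
  subnet_id     = var.subnet_id

  root_block_device {
    volume_type = "gp2" # ask for SSD explicitly instead of inheriting the AMI's default type
    volume_size = 20
  }

  # scripts/bootstrap.sh is an ordinary shell script with ${manager_host}
  # placeholders; templatefile() renders it, so it stays editable and lintable
  # as shell instead of living inside a heredoc in the .tf file.
  user_data = templatefile("${path.module}/scripts/bootstrap.sh", {
    manager_host = var.manager_host
  })

  # user_data is readable through the instance metadata service and via
  # DescribeInstanceAttribute, so it must not carry long-lived secrets.
  tags = {
    Name = "victim"
    Role = "lab-victim"
  }
}

# Contents of scripts/bootstrap.sh (the file referenced above, shown for reference):
#
#   #!/bin/bash
#   set -euo pipefail
#   echo "manager  = ${manager_host}" >> /etc/agent.conf   # rendered by templatefile()
#   echo "hostname = $${HOSTNAME}"    >> /etc/agent.conf   # $${...} keeps a real shell variable
#   systemctl restart agent
```

`terraform init` migrates an existing local state into the bucket (it asks before copying). The state records every attribute Terraform knows about, including any passwords that resources expose, so the bucket deserves the same care as a secret store: versioning, a restrictive bucket policy, and encryption. The DynamoDB lock is what prevents two applies from racing on the same state; after an interrupted run, inspect the environment first and only then release a stale lock with `terraform force-unlock <LOCK_ID>`.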
So if you look at this refreshing state, this actually eats the most time. And it consumes a lot of bandwidth, because what it does is make individual API calls to AWS to check if that stuff is built, if it's there, if it's running. Now, if you're very sure in your apply, if you don't want to do a refresh, you can just hit refresh true. And when you do a refresh true, it'll just apply the changes that you want to do without checking. Risky. But if you're certain and if you're running out of time, like this morning's demo: my demo doesn't work, my event is at 9:30, I was in the Uber at 7:30, I was still fixing the demo in the Uber. So because I'm just gambling, I just apply, apply, apply without refreshing, because a refresh of one of my big stacks, which has 3,000 resources, takes around 10 minutes. Okay. All right. You can also use it to create AMIs and clone them. Yeah, I've done right-click, create AMI so many times in my life. So I have this tip you can use. I have a cloner project. What it does is, okay, let me make this bigger. I have a cloner project, and what it does is basically clone all my AMIs to another region based on a specific tag. And everything is dynamic. What I do is, in the variables, I just look at these tags, DSM or D2008. So basically all AMIs that have that tag, that is the latest, clone it. That's how I clone AMIs and build AMIs. Set workable defaults in your variables in your modules. I'll give you an example. People put the variables without values. For example, list, without the value. That means Terraform will always ask you for a value. And this is kind of annoying, because you're going to have fat modules. What I'm trying to do is, like on my VPC, I put a lot of defaults on the variables so that I don't have to pass variables that much. If I need something quick, I just put VPC. It will build it. So I'll show you how I build the VPC. 
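The tag-driven cloner, reconstructed as an added example (this is not the speaker's cloner project; the tag key `Release`, the regions and the provider aliases are assumptions): `aws_ami_ids` selects every AMI in the source region that carries the tag, and `aws_ami_copy` with `for_each` copies each one into the destination region, encrypting the copy on the way.

```hcl
# Added example: copy every AMI carrying a given tag from one region to another.
# Tag key, regions and provider aliases are placeholders.

variable "source_region" {
  type    = string
  default = "us-east-1"
}

variable "destination_region" {
  type    = string
  default = "ap-southeast-1"
}

variable "ami_release_tag" {
  description = "Only AMIs whose Release tag has this value are cloned"
  type        = string
  default     = "latest"
}

provider "aws" {
  alias  = "source"
  region = var.source_region
}

provider "aws" {
  alias  = "destination"
  region = var.destination_region
}

# Every AMI owned by this account in the source region with the chosen tag.
data "aws_ami_ids" "tagged" {
  provider = aws.source
  owners   = ["self"]

  filter {
    name   = "tag:Release"
    values = [var.ami_release_tag]
  }
}

# Look each one up so the copy can reuse its name and tags.
data "aws_ami" "source" {
  provider = aws.source
  for_each = toset(data.aws_ami_ids.tagged.ids)
  owners   = ["self"]

  filter {
    name   = "image-id"
    values = [each.key]
  }
}

# aws_ami_copy runs in the destination provider's region and pulls from
# source_ami_region; it blocks until the copy is available.
resource "aws_ami_copy" "clone" {
  provider = aws.destination
  for_each = data.aws_ami.source

  name              = "${each.value.name}-${var.destination_region}"
  source_ami_id     = each.key
  source_ami_region = var.source_region
  encrypted         = true # copies can be encrypted even if the source is not

  tags = merge(each.value.tags, { CopiedFrom = each.key })
}

output "cloned_ami_ids" {
  value = { for id, copy in aws_ami_copy.clone : id => copy.id }
}
```

Run `terraform plan` first and read the list of image IDs it intends to copy: an AMI tagged by mistake becomes a cross-region copy. On the refresh point from the talk, the CLI switch is `-refresh=false` on `plan` or `apply`; it skips the per-resource read that costs the ten minutes on a 3,000-resource stack, at the price of not noticing anything changed outside Terraform, so it belongs on a throwaway lab and not on anything you depend on.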
It's just like this. I just need to put the name. I just need to put the environment. That's it. Everything else is pre-populated. But if I want to change the IP address, if I want to change the subnets, I can add them. But if you're really doing something quick, you can do this. Check API limits. I was talking to AWS support yesterday about my project, and they told me to be careful of my API limits when I'm running this kind of thing, because there's an API limit on AWS. So I hope I'm happy with it. And study the Terraform syntax. I've been using this Terraform apply, and then I put parallelism. Parallelism is how many things it can do at a time. For example, I have 2,000 resources; it's going to run 100 operations every time. But that can, if you have a fast, what I do is I don't run Terraform on my machine. I create an EC2 instance and then I run Terraform from there. It's just a respect to depend. It just makes it faster. And then I put auto-approve, because I learned it when I was doing Jenkins, when I was deploying in Jenkins. Yeah. And that's about it. Other stuff, because I only have 15 minutes: planning is important, very, very important when you're building, because you can make a lot of mistakes when it comes to building up your stuff. This is like my fifth or sixth project like this on Terraform. So I've learned a lot already. And I'm not a master yet. I have customers that have more complex environments and very, very complex Terraform setups. Yeah, have fun. For me, it's a very fun tool. It's a very fun product. If you have time, just try to study Terraform. I'm not saying CloudFormation sucks. It depends on how you want to do it. It's just that I suck at JSON. And YAML support for CloudFormation only came out a few years back. So when the YAML support came out for CloudFormation, I was already using Terraform. I had already transitioned. All right. So yeah, that's it. Thank you very much. Any questions? 
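An added example (not the speaker's VPC module) of the "workable defaults" rule from the talk: every input except `name` and `environment` has a default, and the CIDR input is validated so a bad override fails at plan time rather than half-way through an apply. The `validation` block needs Terraform 0.13 or later. The module path, the default values and the tag names are assumptions.

```hcl
# Added example: modules/vpc with workable defaults. Path, defaults and tag
# names are placeholders; only name and environment are required inputs.

# --- modules/vpc/variables.tf ---
variable "name" {
  description = "Project name"
  type        = string
}

variable "environment" {
  description = "lab, demo or event"
  type        = string
}

variable "cidr_block" {
  description = "VPC CIDR; override only when it must not overlap another VPC"
  type        = string
  default     = "10.10.0.0/16"

  validation {
    condition     = can(cidrhost(var.cidr_block, 0))
    error_message = "cidr_block must be a valid IPv4 CIDR, e.g. 10.10.0.0/16."
  }
}

variable "subnet_newbits" {
  description = "Extra prefix bits per subnet: a /16 VPC with 8 newbits gives /24 subnets"
  type        = number
  default     = 8
}

variable "availability_zones" {
  description = "AZs to spread subnets over; empty means the first two in the region"
  type        = list(string)
  default     = []
}

# --- modules/vpc/main.tf ---
data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  azs = length(var.availability_zones) > 0 ? var.availability_zones : slice(data.aws_availability_zones.available.names, 0, 2)

  tags = {
    Name        = var.name
    Environment = var.environment
    ManagedBy   = "terraform"
  }
}

resource "aws_vpc" "this" {
  cidr_block           = var.cidr_block
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = local.tags
}

# One subnet per AZ, carved deterministically out of the VPC CIDR.
resource "aws_subnet" "private" {
  count             = length(local.azs)
  vpc_id            = aws_vpc.this.id
  availability_zone = local.azs[count.index]
  cidr_block        = cidrsubnet(var.cidr_block, var.subnet_newbits, count.index)
  tags              = merge(local.tags, { Name = "${var.name}-private-${count.index}" })
}

output "vpc_id"     { value = aws_vpc.this.id }
output "subnet_ids" { value = aws_subnet.private[*].id }

# --- root module: the quick call from the talk, nothing but name and environment ---
# module "vpc" {
#   source      = "./modules/vpc"
#   name        = "barb"
#   environment = "lab"
# }
#
# Override only what has to differ:
# module "vpc_event" {
#   source      = "./modules/vpc"
#   name        = "eleven"
#   environment = "event"
#   cidr_block  = "10.42.0.0/16"
# }
```

On the CLI flags mentioned above: `terraform plan -out=tfplan` followed by `terraform apply tfplan` applies exactly the changes that were reviewed and needs no `-auto-approve`, which is the safer shape for a Jenkins job; `-parallelism=N` (default 10) caps concurrent resource operations and is the knob that keeps a 2,000-resource apply under the account's API rate limits; and `-auto-approve` on a plain `apply` is for disposable labs only, since it skips the one point where a human sees what is about to be destroyed.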
I think you can export the plan file and then you can use that plan file to make the applies. So you do a terraform plan. You can actually export that out, and then you can apply using that plan. Well, if there's a lot of magic in Terraform, maybe, you know, there's a lot of magic. So for me, my goal is like, in me, my job, my goal in life is not to be seen. My goal in life is to be up in the environment to