Terraform is the most popular infrastructure-as-code tool, as it supports more than 100 providers including AWS, Azure, Google and many more. This course takes you from basic to advanced and helps you understand key concepts through lab demonstrations. Within a few lectures and detailed lab demonstrations, you will start writing your first Terraform code, all the way up to deploying a cluster of web servers in an Auto Scaling Group with a load balancer. There are plenty of lab demonstrations so that you can practice on your own.
Designed for SREs, DevOps engineers, developers and managers.
You will learn key concepts such as Terraform state, modules, workspaces and data resources, and can apply them in your project immediately. Terraform allows you to automate and version your infrastructure. Terraform modules make this infrastructure-as-code tool really stand out from others in the market. Terraform functions provide the best developer experience for writing efficient code. We will have fun with all of these key Terraform features.
You will learn how to work with organizations, workspaces, VCS and runs in Terraform Cloud, and how it differs from Terraform Enterprise.
Bonus: prepares you for the HashiCorp Certification - Terraform Associate
The course is designed to teach students with no prior knowledge of AWS or Terraform. All the AWS technologies used in the examples are described in detail.
Excited to share with you what's inside the class!
Together we will create a new free tier AWS account. Be ready with your credit card and cell phone. AWS does not charge if you are creating free tier eligible resources. Remember, you get 750 hours of resources for one year. That means you can create and run two t2.micro instances for 375 hours!
When you create an AWS free tier account, the first thing you should do is set up MFA for the account's root user, which is the email address you provide during account creation, and protect your account.
You should never use the root user for day-to-day work. Instead, log in as the root user, create a new separate user, which we call the admin user, and assign the required permissions to it. Also set up MFA (Multi-Factor Authentication) for this new admin user. Always remember to protect your account and users!
Before running Terraform commands we need to set up the AWS CLI and configure the Access Key ID and Secret Access Key for the new admin user. Terraform can authenticate against AWS using these API keys (Access Key ID and Secret Access Key) and create, update or destroy resources as per our defined configuration.
Download Terraform Binary
Now you are ready to install the Terraform binary and use it! It's very easy to install on Mac and Windows. It's just a single binary file.
Configure the AWS command line tool on Windows and configure the Access Key ID and Secret Access Key before you start running Terraform commands. Then install the Terraform binary and configure PATH to access it from any directory.
You can choose any code editor you like! We will discuss a few key features of Visual Studio Code in case you choose it and are new to this tool.
When you start a new Terraform project, the first thing you do is define the provider in your code. Once you define it, Terraform downloads the corresponding plugins for that provider, in our scenario AWS.
Hello world for Terraform! A few simple lines of code create a new server; in AWS it is called an EC2 instance.
Update the user_data in the Terraform code we have written for a single server and create a new Apache web server. It's so simple!
We will update the same code for the single web server, look for hard-coded values and parameterize them. Declare a variable whenever you see a hard-coded value. Making it more portable and reusable should be the goal for all the Terraform code you write!
What would you do when you want to multiply the number of resources? Say you want 30 or 40 or 100 EC2 instances or any other resources! Would you copy the same resource 100 times? The easy way is to define the count parameter and multiply the resources.
When you have a fleet of servers, how would you scale up and down based on usage? Auto Scaling Group is a handy cloud service used for scaling based on resource usage. You can even set a target metric and it will track usage. It scales the resources up and down based on the target you set! Isn't that cool! We will do the lab and apply a Target Tracking Policy.
When you set up web servers as a cluster in an Auto Scaling Group, an access problem arises for users, as you cannot give individual server URLs to the users! You need a load balancer, integrated with the Auto Scaling Group. In this scenario we have used an Application Load Balancer. We will set up target group and listener resources as well.
Interpolation is very powerful in Terraform code. It can reference an attribute value from any other part of the Terraform code or from another module and help to create a new resource. You will use it very frequently.
As you progress to writing your own Terraform code and working in a production environment, Terraform commands are very useful in every situation. Sometimes commands like terraform target or terraform taint will save you in a critical situation, big time! Play with these commands...
How can you declare variables and access them from other parts of your Terraform code? Look for any values that are hard-coded, declare a variable for each and parameterize them immediately. Otherwise nobody can reuse your Terraform stack!
How can you output attributes of all the resources you have defined in your code and then access them from other parts of your code?
Accessing the read-only remote state of another Terraform stack is very useful when you just need to access a resource (e.g. a security group ID) created by another stack and use it in your Terraform code. One use case: you want to create a global security group for the whole fleet of instances, so that anyone can access this security group ID and attach it to their EC2 fleet.
How do you create an IAM policy statement and use it multiple times in the different roles you create? Or what if you want to find EC2 instances, filter them by tags and perform an action on them? Data resources come in really handy in such scenarios.
How are modules useful?
What is a module? What's the syntax to declare a module? Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.
What are module inputs? How can you declare module inputs? A module variable may or may not have a default value assigned.
What's the syntax to define a module output? How can you access it from another Terraform stack? Modules are very powerful because of this output feature, as multiple modules can work together for large infrastructure, and it increases reusability.
Two very important gotchas you should remember as you write more complex Terraform code. Always use the interpolation "${path.module}" for file paths in a module. And always prefer separate resources over inline resources; I will demonstrate how to use them.
How can you update your module when it is used by hundreds of other team members? Your update may break the Terraform stacks of those who use it to create their infrastructure. Module versioning is the solution for that. You use a git repository as the source of your module. Then apply a "git tag" to your update and use the tag in the Terraform module source argument. Go through the demonstration and apply it in your project.
Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures. This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment. Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
Practically, Terraform is a state manager! And that's why it's popular in the community!
All resource state is stored by default in a local file named "terraform.tfstate", but it has to be stored remotely, which works better in a team environment. Otherwise you are the only one who can update the infrastructure, as terraform.tfstate is stored locally on your laptop/desktop!
We are going to use Amazon S3 storage for remote state storage.
What happens when two or more team members try to run Terraform on the same stack? It's a dangerous situation, as it might corrupt your Terraform state due to a race condition!
We are going to use the AWS service DynamoDB to lock the state, so that others have to wait while one team member is running a Terraform command on the same stack.
Why do we need to isolate state between DEV, QA and PROD? The frequency of changes in DEV is many times higher than in PROD. Why would we want to put the production stack at risk with each update in DEV by having DEV and PROD share the same state?
We should always isolate the Terraform state for each environment!
We should always think in terms of resources before writing the code. For EBS we need two key resources, "aws_ebs_volume" and "aws_volume_attachment".
Create an IAM policy document and attach that policy to a role. You can assign the role to an EC2 instance and make it an instance profile.
Syntax to create a new public zone and a new record. Understand all the arguments we need for Route 53 resources.
A complete demonstration of creating a new VPC with private and public subnets. Then create an Internet Gateway and attach the route resources. Create a NAT gateway and attach the route resource for the private subnet. Understand how all the resources are created sequentially, as they have dependencies.
What hard-coded credentials look like, so you can remove them when you find them in any code. You should also avoid embedding credentials in your Terraform code at all costs.
You have probably used Assume Role in the AWS console and also in the AWS CLI to create temporary credentials, and you can use those temporary credentials to create the resources allowed by the role you have assumed. We can leverage the same in Terraform as well. We just need to declare an assume role code block in the provider section.
You can prevent usernames, passwords, cluster names and customer names from being displayed in the terminal or sent to a logging system. You just need to declare the argument sensitive = true. One caveat: sensitive information still remains in clear text in the state file, so make sure access to the state file is restricted.
By default, a provider block lets us use one provider and its associated region. We can't create resources in two or more regions at the same time unless we use the alias argument. The same procedure applies when we create resources on the AWS and Azure platforms from the same configuration.
Use the profile argument in the provider section to create resources in multiple accounts in the same Terraform configuration.
Why provisioners? What is the difference between local and remote provisioners?
How can the local-exec provisioner be useful for automating infrastructure stack creation?
How can we create a fleet of EC2 instances, run commands on them remotely and, at the same time, monitor how the remote commands are being run? remote-exec comes in very handy. The only caveat is that you have to manage the PEM/private key for the instances securely, as remote-exec uses it to log in and run commands on the instances remotely. It provides instant visibility on the console into why and when a command failed.
How can we create infrastructure identical to prod without writing more Terraform code? Workspaces are very easy to use and handy for creating identical infrastructure.
What are the useful workspace commands for creating identical infrastructure? Play with them...
I will demonstrate how to change the code and use a special interpolation to use the workspace feature. Then run your workspace commands to create the infrastructure.
How can we create two or more infrastructures that are identical, or differ only slightly, just by changing the variable values? We can use a .tfvars file in the "terraform init" command as an argument. The .tfvars file holds the variable values. We also need to provide the remote state bucket key on the command line when we initialize by running "terraform init". Basically, the stack has one backend configuration with the bucket information but without the key. Each new stack then has to be initialized with a new and unique state bucket key to isolate the state.
One caveat of using .tfvars is that you need to tag all the resources with the .tfvars information as well. Otherwise you don't know which resource was created by which .tfvars file!
Navigate through the UI of Terraform Cloud and understand key features.
Procedure to sign up to Terraform Cloud to access and play with it
VCS, i.e. Version Control System, allows us to automate and version our infrastructure. We can create a workspace and associate it with an infrastructure project written in Terraform and stored in a version control system such as GitHub. We can integrate VCS at the Terraform Cloud organization level, which makes it available to each new workspace we create. Or we can integrate VCS when we create each workspace for a new project.
Create a new workspace and configure the version control system, GitHub. Export variables, initiate a run and collaborate.
We can destroy the infrastructure in a workspace and then destroy the workspace as well, if we don't need it any more.
Organization settings that change the behavior of all the workspaces inside it.
Workspaces are one of the key features of Terraform Cloud. Terraform Cloud workspace settings that change the behavior of the workspace.
Why Sentinel policies? How can we apply them on Terraform Cloud? How to get started with Sentinel policies?
You can also run a speculative terraform plan and terraform apply from your workstation/laptop, where all the operations happen in Terraform Cloud and the output streams to your workstation/laptop. Terraform Cloud provides the execution environment.
Step-by-step procedure to deploy a Jenkins server using Terraform code. An EC2 role is assigned to the Jenkins server, so we did not have to use long-term keys (Access Key ID and Secret Access Key), which is a very good security measure. It also shows the steps to configure the github-webhook and test the trigger. The security group for the EC2 instance allows traffic from GitHub as per the list of IPs in https://api.github.com/meta
1. Overview of the exam and contents in this section
2. Rules to follow during exam
3. Question types
4. Room preparation for online proctored exam
How to register for the Terraform Associate Certification. What precautions you should take before and on the day of the scheduled exam. Wish you good luck!
Key Concepts - Relevant to Certification Exam
Requirements to fulfill when publishing a module in the Terraform Registry
Value types
Reserved key words in Terraform
Terraform functions
Key Concepts covered:
Debugging terraform code
Locals
Terraform import
Workspace
Module
Suppress sensitive information
Key Concepts Covered:
Module version - Recommended to declare in code
Terraform Registry
count.index
Never hardcode access and secret key in your code
State Locking
Resource block
Sentinel Policy
Resource block
Sensitive data in state
Remote Backend for terraform cloud
terraform graph and splat expression
terraform settings - terraform {}
Covers Key Concepts:
output
Force-unlock - State
Key benefits - Infrastructure as code
Terraform Cloud vs Enterprise
variables with undefined value
Environment variable
Structural type : object and tuple
Backend Configuration
Taint and Replace
Provisioner
Input Variable
Version Constraint
This practice exam will help you recall the key concepts and tackle the Terraform Associate exam. Please pay attention to any notes on the answers, which include reference links as well. You can go through the reference links to understand the topic better.
Wish you good luck for the exam.
Congratulations! You have made it to the end of this course and, believe me, you have gathered enough knowledge to write and troubleshoot Terraform code independently.
Thank you so much for being a student. I honestly, sincerely thank you. The time and money you have invested to take this course just mean so much to me. I am celebrating with you. Realistically, only a small percentage of students actually follow through and reach the finish line. Obviously you are proving that you do have what it takes to truly transform your life and create the reality that you want. You are in charge and you are in the driver's seat. Congratulations for that!