zmoog / public-notes

Apache License 2.0

Turn Network Firewall the test setup into a terraform file #88

Open zmoog opened 1 month ago

zmoog commented 1 month ago

I have a few resources on my AWS account: a VPC, a couple of subnets, a network firewall, and others.

I want to import all these resources in a Terraform project so I can create and destroy this setup multiple times, as needed for testing.

zmoog commented 1 month ago

Create a new terraform project:

$ cat main.tf
provider "aws" {
  region = "eu-north-1"
}

resource "aws_vpc" "vpc" {
  tags = {
    Name = "mbranca-dev-fwlogs-firehose"
  }
}
$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v5.49.0...
- Installed hashicorp/aws v5.49.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
zmoog commented 1 month ago

List the existing VPCs to get the ID of the existing one:

export AWS_PROFILE=<your profile name>

# list the existing VPCs using the AWS CLI
aws ec2 describe-vpcs --region eu-north-1 | jq '.Vpcs[] | .VpcId'
"vpc-0cf042f965083e417"
"vpc-0bf42362"

Now I'm trying to import the VPC in terraform:

$ terraform import aws_vpc.vpc vpc-0cf042f965083e417
aws_vpc.vpc: Importing from ID "vpc-0cf042f965083e417"...
aws_vpc.vpc: Import prepared!
  Prepared aws_vpc for import
aws_vpc.vpc: Refreshing state... [id=vpc-0cf042f965083e417]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Now we can verify the VPC is in sync with AWS:

$ terraform plan
aws_vpc.vpc: Refreshing state... [id=vpc-0cf042f965083e417]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
zmoog commented 1 month ago

Adding subnets.

List existing subnets:

$ aws ec2 describe-subnets --region eu-north-1 --filters "Name=vpc-id,Values=vpc-0cf042f965083e417" | jq '.Subnets[] | .SubnetId'
"subnet-00ab445f8528ff7cb"
"subnet-09f3c821a933a9f02"
$ aws ec2 describe-subnets --region eu-north-1 --filters "Name=vpc-id,Values=vpc-0cf042f965083e417" | jq '.Subnets[] | [.SubnetId,.Tags[].Value]'
[
  "subnet-00ab445f8528ff7cb",
  "mbranca-dev-fwlogs-firehose-firewall-subnet"
]
[
  "subnet-09f3c821a933a9f02",
  "mbranca-dev-fwlogs-firehose-workload-subnet-public"
]
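As an added example (not code from the issue), the same import expressed with Terraform 1.5+ `import` blocks, so the VPC and both subnets are pulled into state in a single `apply` instead of one `terraform import` command per resource; the resource labels `firewall` and `workload_public` and the file name `generated.tf` are my choices, and `-generate-config-out` requires Terraform 1.5 or later.

```hcl
# imports.tf (added example; IDs are the ones listed in the thread)

import {
  to = aws_vpc.vpc
  id = "vpc-0cf042f965083e417"
}

import {
  to = aws_subnet.firewall            # tagged mbranca-dev-fwlogs-firehose-firewall-subnet
  id = "subnet-00ab445f8528ff7cb"
}

import {
  to = aws_subnet.workload_public     # tagged mbranca-dev-fwlogs-firehose-workload-subnet-public
  id = "subnet-09f3c821a933a9f02"
}

# The network firewall imports by ARN, which is not shown in the thread, so it is
# left as a placeholder here rather than a made-up value:
# import {
#   to = aws_networkfirewall_firewall.firewall
#   id = "<firewall-arn>"
# }

# Let Terraform write the matching resource blocks instead of hand-typing
# cidr_block, availability_zone and tags for each subnet:
#   terraform plan -generate-config-out=generated.tf
#   terraform apply
# A follow-up `terraform plan` should then report "No changes", exactly as the
# VPC check above did; any drift between the generated config and AWS shows up
# there before anything is destroyed or recreated.
```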