# Setting up Cloud Observability with Terraform - Provisioning with Terraform 

In the previous sections, we configured cloud connections to your AWS resources, health rules and anomaly detection using API's. In this section, we shall use Terraform to do the same.

The configuration object lifecycle has the following stages.

* Pre-execution steps
* Create Connections
* Query Connections
* Update a Connection
* Delete a Connection
    
We do not delete the connection here, because we want to observe all of the host metrics before we terminate. For more information on deleting the cloud connections, refer to the section on Termination.
    
To progress with the lab, click **inside** the boxes below that contain the snippets of Python code. Note that the **Run** button will appear to the left of the code box. Click on the **arrow** button to execute the code snippet. After you click **Run**, executions in progress will be denoted by "ln[*]"

> **Note:** Do not skip code blocks. Execute each before you progress to the next.

> **Note:** Wait for the entire execution to complete in a code block before you progress to the next.

## Pre-provisioning steps

Recall the globals set in in the previous notebook. Click **Run** to set the environment.

In [None]:
import os
%store -r aws_key
%store -r aws_secret
%store -r aws_conn_name
%store -r cl_id
%store -r cl_secret

os.environ['AWS_KEY'] = aws_key
os.environ['AWS_SECRET'] = aws_secret
os.environ['AWS_CONN_NAME'] = aws_conn_name
os.environ['CL_ID'] = cl_id
os.environ['CL_SECRET'] = cl_secret
print("Globals set:" + "\n")
print("Connection Name:" + aws_conn_name + "\n")
print("AWS Secret:" + aws_secret + "\n")
print("AWS Key:" + aws_key + "\n")


## Check Terraform and initialize AppDynamics Provider

Run this command to make sure you can access Terraform that has been set up for this environment. Also, note that we are using a local copy of the AppDynamics Terraform provider and we shall copy it to your local instance.

In [None]:
!terraform version


In [None]:
!mkdir -p ~/.terraform.d/plugins/terraform.local/local/appdynamics/1.0.0/linux_amd64/terraform-provider-appdynamics_v1.0.0


In [None]:
!cp ./plugin/appdynamicscloud ~/.terraform.d/plugins/terraform.local/local/appdynamics/1.0.0/linux_amd64/terraform-provider-appdynamics_v1.0.0


In [None]:
!rm data.tf dataregions.tf dataservices.tf datas.tf allconns.tf

## Create Connection objects

AppDynamics Cloud supports Amazon Web Services (AWS) Role Delegation, AWS Access Key Credentials to authenticate and authorize AppDynamics Cloud with AWS. Here, we use AWS Access Key methodology to create the cloud connection to AWS.

Click **Run** to save this file locally to your file system.

In [None]:
%%writefile main.tf

terraform {
  required_providers {
    appdynamicscloud = {
      source = "terraform.local/local/appdynamics"
    }
    http = {
      source = "hashicorp/http"
      version = "3.1.0"
    }
    local = {
      source = "hashicorp/local"
      version = "2.2.3"
    }
  }
}

provider "appdynamicscloud" {
  tenant_name = "cisco-devnet"
  login_mode  = "service_principal"

  client_id     = var.client_id
  client_secret = var.client_secret
}

variable "client_id" {
  type     = string
  nullable = false
}

variable "client_secret" {
  type     = string
  nullable = false
}

variable "access_key_id" {
  type     = string
  nullable = false
}

variable "secret_access_key" {
  type     = string
  nullable = false
}

variable "conn_name" {
  type     = string
  nullable = false
}

variable "descr" {
  type     = string
  nullable = false
}

resource "appdynamicscloud_connection_aws" "sampleconn" {
  display_name = var.conn_name
  description  = var.descr
  state        = "ACTIVE"

  connection_details {
    access_type       = "access_key"
    access_key_id     = var.access_key_id
    secret_access_key = var.secret_access_key
  }
configuration_details {
    import_tags {
      enabled       = true
      excluded_keys = ["key1", "key2"]
    }
    tag_filter = "(tags(env) = 'prod' || tags(env) = 'production')) && tags(project) = 'cloudcollectors'"
    regions    = ["us-east-1", "us-west-1"]
    polling {
      interval = 5
      unit     = "minute"
    }

    services {
      name = "ebs"
      import_tags {
        enabled       = false
        excluded_keys = []
      }
      tag_filter = "tags(project) = 'cloudcollectors' && tags(jira) IN ['XTNSBL','ACE'] && !(tags(region) IN ['US','IN']) && HAS tags(monitorEnabled) && !(HAS tags(restrictedUse)"
      polling {
        interval = 5
        unit     = "minute"
      }
    }
    services {
      name = "ec2"
      import_tags {
        enabled       = true
        excluded_keys = ["key1", "key2"]
      }
      polling {
        interval = 5
        unit     = "minute"
      }
      tag_filter = "tags(project) = 'cloudcollectors' && tags(jira) IN ['XTNSBL','ACE'] && !(tags(region) IN ['US','IN']) && HAS tags(monitorEnabled) && !(HAS tags(restrictedUse)"
    }
  }
}

output "conn_id" {
  description = "Connection ID:"
  value       = appdynamicscloud_connection_aws.sampleconn.id
}


## Initialize Terraform

In [None]:
!terraform init

## Checkout Terraform Plan

In [None]:
!terraform plan -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret" -var="conn_name=$aws_conn_name" -var="descr=XXX"



## Apply Terraform Plan

In [None]:
!terraform apply -auto-approve -var="conn_name=$aws_conn_name" -var="descr=XXX" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"


## Query Connection objects

You can do the following queries with Terraform:

* get AWS Regions
* get AWS Services
* get AWS Connection by ID


### Get AWS Regions

In [None]:
%%writefile dataregions.tf

data "appdynamicscloud_regions_aws" "example" {
}

output "aws_region" {
  description = "AWS region"
  value       = data.appdynamicscloud_regions_aws.example
}


In [None]:

!echo $connid
connid="$(terraform output -raw conn_id)"
!terraform apply -auto-approve  -var="descr=XXX" -var="conn_name=$aws_conn_name" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"



### Get AWS Services

In [None]:
%%writefile dataservices.tf

data "appdynamicscloud_services_aws" "example" {
}

output "aws_services" {
  description = "AWS Services"
  value       = data.appdynamicscloud_services_aws.example
}


In [None]:
!terraform apply -auto-approve -var="descr=XXX" -var="conn_name=$aws_conn_name" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"


### Get AWS Connections By ID

In [None]:
%%writefile data.tf

variable "connid" {
  type     = string
  nullable = false
}

data "appdynamicscloud_connection_aws" "conn" {
    connection_id = var.connid
}

output "aws_connections" {
  description = "AWS Connections"
  value       = data.appdynamicscloud_connection_aws.conn
}


In [None]:
connid="$(terraform output -raw conn_id)"
!terraform apply -auto-approve -var="connid=$connid" -var="descr=Test connection for AWS" -var="conn_name=$aws_conn_name" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"


## Update Connection objects

You can see the fields that can be updated in the [Connections API documentation](https://developer.cisco.com/docs/appdynamics/cloud-connection/#!get-started/connections-api).

A common use case for updates would be to enable/disable connections specifying the payload as follows:

Enable:
    data = {
        "state":"ACTIVE"
    }

Disable:
    data = {
        "state":"INACTIVE"
    }

For this run, let's modify the connection description below:

In [None]:
%%writefile main.tf

terraform {
  required_providers {
    appdynamicscloud = {
      source = "terraform.local/local/appdynamics"
    }
  }
}

provider "appdynamicscloud" {
  tenant_name = "cisco-devnet"
  login_mode  = "service_principal"

  client_id     = var.client_id
  client_secret = var.client_secret
}

variable "client_id" {
  type     = string
  nullable = false
}

variable "client_secret" {
  type     = string
  nullable = false
}

variable "access_key_id" {
  type     = string
  nullable = false
}

variable "secret_access_key" {
  type     = string
  nullable = false
}

variable "conn_name" {
  type     = string
  nullable = false
}

variable "descr" {
  type     = string
  nullable = false
}

resource "appdynamicscloud_connection_aws" "sampleconn" {
  display_name = var.conn_name
  description  = var.descr
  state        = "INACTIVE"

  connection_details {
    access_type       = "access_key"
    access_key_id     = var.access_key_id
    secret_access_key = var.secret_access_key
  }
configuration_details {
    import_tags {
      enabled       = true
      excluded_keys = ["key1", "key2"]
    }
    tag_filter = "(tags(env) = 'prod' || tags(env) = 'production')) && tags(project) = 'cloudcollectors'"
    regions    = ["us-east-1", "us-west-1"]
    polling {
      interval = 5
      unit     = "minute"
    }

    services {
      name = "ebs"
      import_tags {
        enabled       = false
        excluded_keys = []
      }
      tag_filter = "tags(project) = 'cloudcollectors' && tags(jira) IN ['XTNSBL','ACE'] && !(tags(region) IN ['US','IN']) && HAS tags(monitorEnabled) && !(HAS tags(restrictedUse)"
      polling {
        interval = 5
        unit     = "minute"
      }
    }
    services {
      name = "ec2"
      import_tags {
        enabled       = true
        excluded_keys = ["key1", "key2"]
      }
      polling {
        interval = 5
        unit     = "minute"
      }
      tag_filter = "tags(project) = 'cloudcollectors' && tags(jira) IN ['XTNSBL','ACE'] && !(tags(region) IN ['US','IN']) && HAS tags(monitorEnabled) && !(HAS tags(restrictedUse)"
    }
  }
}

output "conn_id" {
  description = "Connection ID:"
  value       = appdynamicscloud_connection_aws.sampleconn.id
}

In [None]:
connid="$(terraform output -raw conn_id)"
!terraform apply -auto-approve -var="connid=$connid" -var="descr=Test connection for AWS" -var="conn_name=$aws_conn_name" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"


### Get AWS Connections Using Terraform & API's


In [None]:
%%writefile allconns.tf

variable "appdURL" {
  description = "Endpoint of the Cloud Native Application Observability"
  type        = string
}

variable "tenant" {
  description = "Tenant ID"
  type        = string
}


data "http" "get_auth_token" {
  provider = http
  url = "${var.appdURL}/auth/${var.tenant}/default/oauth2/token"

  request_headers = {
    Content-Type: "application/x-www-form-urlencoded"
    Authorization = "Basic ${base64encode("${var.client_id}:${var.client_secret}")}"
  }
  request_body = "grant_type=client_credentials"
  method = "POST"
}


locals {
  auth_reponse = jsondecode(data.http.get_auth_token.response_body)
}

output "get_auth_response" {
  value = data.http.get_auth_token.response_body
}

data "http" "get_connections"{
provider = http
  url = "${var.appdURL}/cloud/v1/connections"

  request_headers = {
    Content-Type: "application/json"
    Authorization:"Bearer ${local.auth_reponse.access_token}"
    Appd-Tenant-Id: "${var.tenant}"
  }
  method = "GET"

}

output "get_response" {
  value = data.http.get_connections.response_body
}

resource "local_file" "json-data" {
    content  = data.http.get_connections.response_body
    filename = "getConnections.json"
}



In [None]:
connid="$(terraform output -raw conn_id)"
!terraform apply -auto-approve  -var="tenant=76d947c5-91ee-4a95-8833-7bf9040a3d88" -var="appdURL=https://cisco-devnet.observe.appdynamics.com" -var="descr=Test connection for AWS" -var="conn_name=$aws_conn_name" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"


## Delete Connection objects


In [None]:
!terraform destroy -auto-approve -var="conn_name=$aws_conn_name" -var="descr=XXX" -var="access_key_id=$aws_key" -var="secret_access_key=$aws_secret" -var="client_id=$cl_id" -var="client_secret=$cl_secret"
