Terraform is a powerful tool that enables Infrastructure as Code (IaC) management. It is particularly useful for large cloud environments, automating the provisioning, management, and scaling of resources. In this post, I will describe how I used Terraform to create virtual machines (VMs) on DigitalOcean and deployed the Juice Shop project on them.
Note: Juice Shop is a deliberately insecure web application designed to teach security testing. It should only be used for educational purposes and never in a production environment.
Installing Terraform on Ubuntu or Debian is straightforward. You can set it up quickly using the following commands:
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
Terraform configurations are written in files that define the infrastructure resources you want to create. Below is a basic example of how to configure Terraform to create VMs on DigitalOcean.
First, the cloud provider must be specified. Terraform supports many providers such as Amazon AWS, Microsoft Azure, and others. For this test, I chose DigitalOcean as it offers a simpler alternative to larger providers.
Here’s the code to configure the DigitalOcean provider:
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
  }
}
After defining the provider, Terraform needs access to your DigitalOcean account via an API token. This token can be passed to Terraform through environment variables or a secret management tool. For simplicity, I have included it directly in the code (though this is not recommended for production):
provider "digitalocean" {
  token = "YOUR_DIGITALOCEAN_TOKEN"
}
Now we can define resources, such as a droplet, which is DigitalOcean’s term for a VM.
resource "digitalocean_droplet" "web" {
  count    = 1
  image    = "ubuntu-22-04-x64"
  name     = "saftig.${count.index}"
  region   = "fra1"
  size     = "s-1vcpu-1gb"
  ssh_keys = [""]
The count parameter defines how many VMs to create.
Terraform makes it as easy to create 200 VMs as it is to create two.
For SSH access, you need to provide the fingerprints of your SSH keys, which must be pre-registered with DigitalOcean.
To execute commands on the VMs, we need to set up an SSH connection:
  connection {
    host        = self.ipv4_address
    user        = "root"
    type        = "ssh"
    private_key = file("PATH_TO_SSH_KEY")
    timeout     = "2m"
  }
Once the VMs are created, we can use podman to pull and run the Juice Shop container on the droplets:
  provisioner "remote-exec" {
    inline = [
      "export PATH=$PATH:/usr/bin",
      # refresh the package index, install podman, then pull and run Juice Shop
      "sudo apt-get update",
      "sudo apt install -y podman",
      "sudo podman pull docker.io/bkimminich/juice-shop",
      "sudo podman run -d --rm -p 3000:3000 docker.io/bkimminich/juice-shop"
    ]
  }
}
This pulls and starts the Juice Shop container.
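The inline token and the publicly published port 3000 above can both be tightened. The following is an added example, not part of the original post: it replaces the provider block that carries the inline token and adds a DigitalOcean cloud firewall so that SSH and Juice Shop are reachable only from your own address; the names `do_token`, `admin_cidr` and `juice-shop-lab` are assumptions.

```hcl
# Added example: do_token, admin_cidr and the firewall name are assumed names.
variable "do_token" {
  type      = string # supply via the TF_VAR_do_token environment variable
  sensitive = true   # redacted in plan/apply output, but still stored in state
}

variable "admin_cidr" {
  type        = string
  description = "Your own address range, e.g. 203.0.113.7/32 (documentation address)"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR block and must not be 0.0.0.0/0."
  }
}

# Replaces the provider block that contains the inline token.
provider "digitalocean" {
  token = var.do_token
}

# Only admin_cidr may reach SSH (22) and Juice Shop (3000); other inbound traffic is dropped.
resource "digitalocean_firewall" "juice_shop" {
  name        = "juice-shop-lab"
  droplet_ids = digitalocean_droplet.web[*].id

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = [var.admin_cidr]
  }
  inbound_rule {
    protocol         = "tcp"
    port_range       = "3000"
    source_addresses = [var.admin_cidr]
  }
  # Outbound stays open so apt and podman pulls keep working.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
```

Terraform creates the firewall only after the droplet and its provisioner have finished, so port 3000 is reachable from anywhere for a short window during the first apply.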
Terraform uses a similar command structure to Git. Here are some of the key commands:
To apply your configuration and provision resources:
terraform apply
To view the current state of your deployment:
terraform show
To delete all created resources again:
terraform destroy
I was really impressed with how easy it was to get started with Terraform. I can definitely see myself using it for more projects in the future, especially with its ability to manage infrastructure at scale with minimal effort.