Terraform

Terraform is an open source infrastructure as code tool that allows you to define, provision, and manage infrastructure resources in a declarative configuration language.

Key capabilities include:

  • predictable execution plans to preview changes
  • state management to track resource details
  • reusable modules to encapsulate and share infrastructure components.

Terraform integrates with all major cloud and virtualization platforms while abstracting away the differences between them.

Recommendations

  • Modularize, modularize, modularize - Break your infrastructure into reusable components, make them configurable, and share them across your organization.
  • Variable Descriptions - Consistently document your variables and outputs with detailed descriptions. Well-documented modules make infrastructure more understandable for your team.
  • Changes Review - Carefully review your Terraform plan before running apply. Rushing through the plan review can lead to unintended changes and infrastructure chaos. 🫠
  • Naming Conventions - Follow HCL and company naming conventions consistently. Well-formatted, standardized code keeps your Terraform configurations maintainable.
  • Resource Tagging - Use a consistent tagging strategy for all cloud resources.
  • Integration - If your company relies on a platform with an API, consider writing a custom Terraform provider. Custom providers allow Terraform to manage and provision those platforms natively.
  • State recovery - Store your state file securely and with versioning enabled. The file can be corrupted or deleted, and version history lets you review state changes or restore the state from a better place in history.
  • Dependency Tree - Avoid race conditions during resource creation by making sure one resource references the other through outputs, or by using depends_on. A risk remains if the API applies operations asynchronously behind the scenes.
  • Follow the release train - Bring more reliability to your IaC with the latest features (checks, variable validation rules, …)
  • Single element or array? - Always evaluate whether a variable may end up being an array of values. Making this change later often means recreating some of your module resources.
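
One way to back the Changes Review and Resource Tagging recommendations with an automated gate, as an added example that is not part of the original page: the script reads the JSON form of a plan, as produced by `terraform show -json <planfile>`, and reports deletions, replacements and missing tags. The sample plan, its resource addresses and the `review_plan` helper are constructed for illustration; the required tag keys are the ones the sample module on this page sets.

```python
import json

# Constructed sample: `terraform show -json <planfile>` output, trimmed to the fields used.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.user_events_bucket.aws_s3_bucket.bucket",
   "change": {"actions": ["delete", "create"],
              "after": {"tags": {"Project": "events", "Environment": "prod"}}}},
  {"address": "aws_iam_role.reader",
   "change": {"actions": ["update"], "after": {"tags": null}}},
  {"address": "aws_s3_bucket.legacy",
   "change": {"actions": ["delete"], "after": null}},
  {"address": "aws_s3_bucket.logs",
   "change": {"actions": ["no-op"],
              "after": {"tags": {"Project": "events"}}}}
]}
""")

REQUIRED_TAGS = {"Project", "Environment", "Location"}  # keys set by the sample module


def review_plan(plan, required_tags=REQUIRED_TAGS):
    """Return (destructive, untagged) findings from a parsed plan JSON document."""
    destructive, untagged = [], []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" in actions:
            # A replacement shows up as a delete paired with a create.
            kind = "replace" if "create" in actions else "delete"
            destructive.append((rc["address"], kind))
        after = change.get("after")
        # Check tags only on resources this plan creates or updates and that expose `tags`.
        if after is not None and "tags" in after and set(actions) & {"create", "update"}:
            missing = required_tags - set(after["tags"] or {})
            if missing:
                untagged.append((rc["address"], sorted(missing)))
    return destructive, untagged


if __name__ == "__main__":
    destructive, untagged = review_plan(SAMPLE_PLAN)
    for address, kind in destructive:
        print(f"DESTRUCTIVE {kind:8} {address}")
    for address, missing in untagged:
        print(f"MISSING TAGS {address}: {', '.join(missing)}")
    raise SystemExit(1 if destructive or untagged else 0)
```

Run in CI between `terraform plan -out` and `terraform apply`, a non-zero exit stops the pipeline until someone has looked at the flagged resources.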

Example

Terraform Documentation is the go-to place, but major Terraform providers like AWS or Kubernetes can also serve as great references or starting points. Studying this curated content can inspire your own provider or module implementations.

Sample Module

modules/aws-s3-bucket/main.tf
```hcl
locals {
  resource_tags = {
    "Project"     = var.group_name
    "Environment" = var.environment
    "Location"    = data.aws_region.current.name
  }
}

data "aws_region" "current" {}

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name
  tags   = local.resource_tags
}

// [...] - Example shortened for readability.
```
modules/aws-s3-bucket/variables.tf
```hcl
variable "bucket_name" {
  type        = string
  description = "Identifier to assign to the S3 bucket that will be created."
}

variable "environment" {
  type        = string
  description = "Name of the environment that resources created by this module will belong to."
}
```
modules/aws-s3-bucket/outputs.tf
```hcl
output "arn" {
  value       = aws_s3_bucket.bucket.arn
  description = "The Amazon Resource Name (ARN) of the S3 bucket created by this module."
}
```
modules/aws-s3-bucket/versions.tf
```hcl
terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.11.0, < 6.0.0"
    }
  }
}
```

Module Usage

main.tf
```hcl
module "user_events_bucket" {
  source = "git::https://git.company.com/namespace/repository.git//path/to/module?ref=1.0.0"

  bucket_name = "user-events-${var.environment}"
  environment = var.environment
}
```
variables.tf
```hcl
variable "environment" {
  type        = string
  description = "Application environment"
}
```
versions.tf
```hcl
terraform {
  required_version = "~>1.5"

  required_providers {
    aws = {
      version = "~> 5.11"
      source  = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "eu-west-3"
}
```