Terraform

Introduction

Terraform is an Infrastructure as Code (IaC) tool that allows you to build, change, and version infrastructure safely and efficiently. It supports multiple cloud providers and services.

Key Features:

  • Declarative configuration
  • Resource graph
  • Change automation
  • Provider ecosystem
  • State management
  • Module system

Terraform Basics

Configuration Language

Basic Terraform configuration example:

# Provider configuration
provider "aws" {
  region = "us-west-2"
}

# Resource definition
resource "aws_instance" "web_server" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name        = "web-server"
    Environment = "production"
  }
}

# Output values
output "public_ip" {
  value = aws_instance.web_server.public_ip
}

Core Workflow

Basic Commands:

  • terraform init
  • terraform plan
  • terraform apply
  • terraform destroy

Providers & Resources

Multiple Providers

Example with multiple cloud providers:

# AWS Provider
provider "aws" {
  region = "us-east-1"
}

# Azure Provider
provider "azurerm" {
  features {}
}

# AWS Resources
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  
  tags = {
    Name = "main-vpc"
  }
}

# Azure Resources
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

Resource Dependencies

Example of implicit and explicit dependencies:

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id  # Implicit dependency
  cidr_block = "10.0.1.0/24"
}

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.public.id
  
  depends_on = [aws_subnet.public]  # Explicit dependency (redundant here: subnet_id already implies it)
}

State Management

Remote State

Example of remote state configuration:

terraform {
  backend "s3" {
    bucket = "terraform-state-prod"
    key    = "infrastructure/terraform.tfstate"
    region = "us-east-1"
    
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}

State Operations

State Commands:

  • terraform state list
  • terraform state show
  • terraform state mv
  • terraform state rm

Modules

Module Structure

Example of a reusable module:

# modules/vpc/variables.tf
variable "vpc_cidr" {
  description = "CIDR block for VPC"
  type        = string
}

# modules/vpc/main.tf
resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
}

# modules/vpc/outputs.tf
output "vpc_id" {
  value = aws_vpc.main.id
}

# Root main.tf
module "vpc" {
  source   = "./modules/vpc"
  vpc_cidr = "10.0.0.0/16"
}

Best Practices

Code Organization

Best Practices:

  • Use consistent naming
  • Implement modularity
  • Version control
  • Use workspaces
  • Remote state storage
  • State locking

Security Considerations

Security Tips:

  • Encrypt state files
  • Use variables for sensitive data
  • Implement least privilege
  • Enable audit logging
  • Regular security reviews
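
The "Encrypt state files", "Remote state storage" and "State locking" items, written out as configuration for the S3 backend shown under Remote State. This is an added example, not part of the original page; the bucket and table names are taken from that backend block, and the resource labels ("state", "locks") and the dedicated KMS key are assumptions.

```hcl
# Bootstrap for the backend under "Remote State". Apply from a separate root
# module: the bucket and lock table must exist before `terraform init` uses them.

resource "aws_kms_key" "state" {
  description         = "Encrypts Terraform state objects"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "state" {
  bucket = "terraform-state-prod" # same name as in the backend block
}

# State stores resource attributes in plaintext, secrets included: encrypt at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.state.arn
    }
  }
}

# Versioning allows recovery of an earlier state after corruption or a bad write.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table named in the backend block; the S3 backend expects the key "LockID".
resource "aws_dynamodb_table" "locks" {
  name         = "terraform-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```

The backend's encrypt = true asks S3 for server-side encryption on each write; the bucket-level default above enforces it for every object regardless of how the object was written.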