How to migrate to Terraform Cloud and why should you do it?

Terraform cloud is a cloud infrastructure management tool that allows users to easily create and remotely manage their cloud infrastructure in a consistent and efficient manner. You can use it to manage cloud infrastructure, including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Why Terraform Cloud?

If you are already running your infrastructure on Terraform, here are some reasons on why you should consider migrating to Terraform Cloud:

• store your state remotely and provide easy access to shared state, secret data and access controls - you can add users and assign different permissions to them, i.e. owners or developers
• manage infrastructure at scale. This means that users can easily manage large numbers of resources across multiple cloud providers and environments.
• use workspaces to manage your collections of infrastructure, which allows to manage multiple resources as well as grant individual users and user groups permissions for each workspace. Read more about how you can take advantage of workspaces features (over here)[https://developer.hashicorp.com/terraform/cloud-docs/workspaces]
• store sensitive variables securely - you can store them in variable sets and apply them to the
• do it your way - manage Terraform runs through 3 different workflows:
  • UI/VCS driven workflow - here you are connecting you VCS to Terraform Cloud - easily integrate version control such as GitHub, GitLab, BitBucket or Azure Devops and automatically initiate Terraform runs when changes are committed to the specified branch with out the box triggers.
  • CLI driven workflow - you can use your standard Terraform CLI to trigger remote runs.
  • API driven workflow - where you can manage and trigger runs through other tools by triggering calls to Terraform Cloud.

More about VCS workflows

Version Control Workflow in Terraform cloud is something worth spending a bit more time on when configuring your workspace. Here is a few things that I find useful about VCS config in Terraform Cloud:

• initiating speculative plans every time a PR is created against the default branch (this is set up by default so you don't have to do anything)
• once PR is merged this will trigger plan and apply, however by default apply will require manual approval.

• you have various triggers to choose from, and this is where you can really customise your deployment triggers:

  • *path changes triggers *(especially useful for monorepos)
    • pattern based triggers (recommended)- use glob patters to select which what changes should trigger runs and ignore others (i.e. /submodule/**/*.tf if you only require a run when .tf in submodule files were changed or /**/networking/**/* any changes in the files that have networking in their path will trigger a run.
    • prefix based triggers - where you select which directory path should be tracked and trigger a run. One of the examples here would be to track changes in modules directory in each workspace.
  • git tag based triggers - run will only be triggered when indicated git tag is published.
  • you also have an option to always trigger runs, whenever changes are made to any file in the repository.

When setting up your Terraform Cloud organisation and workspaces it is good to assess and implement triggers that are right for your use case and take advantage of all the features offered by Terraform Cloud.

Migrate your existing Terraform infrastructure to Terraform Cloud

First lets start with prerequisites:

• Make sure you have [Terraform CLI 1.1](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) or higher installed
• *Set up Terraform Cloud account *

Migrating existing state to Terraform Cloud:

1. Replace your backend config with:

cloud {
    organization = "ORGANIZATION-NAME"
    workspaces {
      name = "staging"
    }
  }

and remove your backend config:

backend "s3" {
}

1. Run terraform init

2. Log in to terraform cloud in the CLI by running:
   terraform login

You will be taken to Terraform Cloud website where you will create API token, that you need to copy and paste in you command line

1. (optional) Set up version control - you can set this either for workspace or or for the whole organisation
2. Set up correct working directory i.e. terraform/infrastructure
3. After verifying that Terraform migrated your state to Terraform Cloud, remove your local state file.
4. (optional) Create variable sets with variables that are shared across organisation (note that these can still be overwritten in workspace if necessary)
5. (optional) Migrate workspace .tfvars variables and assign them values in Terraform Cloud.

What about the cost?

Often there is a misconception that in order to migrate and use Terraform Cloud you have to pay a lot, in fact the opposite is true - if you are working in a small team, and do not need access to advance features such as team management and Policy as code (Sentinel policy as code)you can utilise free plan, which allows up to 5 users - this will allow your organisation to assess whether it's a right tool without incurring any cost.