Terraform Cloud is a cloud infrastructure management tool that allows users to create and remotely manage their cloud infrastructure in a consistent and efficient manner. You can use it to manage infrastructure on Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Why Terraform Cloud?
If you are already running your infrastructure on Terraform, here are some reasons why you should consider migrating to Terraform Cloud:
- store your state remotely and provide easy access to shared state, secret data and access controls - you can add users and assign different permissions to them, i.e. owners or developers
- manage infrastructure at scale. This means that users can easily manage large numbers of resources across multiple cloud providers and environments.
- use workspaces to manage your collections of infrastructure, which lets you manage multiple resources as well as grant individual users and user groups permissions for each workspace. Read more about how you can take advantage of workspace features [over here](https://developer.hashicorp.com/terraform/cloud-docs/workspaces).
- store sensitive variables securely - you can store them in variable sets and apply them to the
- do it your way - manage Terraform runs through 3 different workflows:
  - UI/VCS driven workflow - here you connect your VCS to Terraform Cloud - easily integrate version control such as GitHub, GitLab, Bitbucket or Azure DevOps and automatically initiate Terraform runs when changes are committed to the specified branch, with out-of-the-box triggers.
  - CLI driven workflow - you can use your standard Terraform CLI to trigger remote runs.
  - API driven workflow - where you can manage and trigger runs from other tools by making calls to Terraform Cloud.
More about VCS workflows
The version control workflow in Terraform Cloud is worth spending a bit more time on when configuring your workspace. Here are a few things that I find useful about VCS config in Terraform Cloud:
- initiating speculative plans every time a PR is created against the default branch (this is set up by default so you don't have to do anything)
- once a PR is merged, this will trigger a plan and apply; however, by default the apply will require manual approval.
- you have various triggers to choose from, and this is where you can really customise your deployment triggers:
  - *path changes triggers* (especially useful for monorepos)
    - pattern based triggers (recommended) - use glob patterns to select which changes should trigger runs and ignore others (e.g. `/submodule/**/*.tf` if you only require a run when `.tf` files in submodule were changed, or `/**/networking/**/*` so that any changes in files that have networking in their path will trigger a run).
    - prefix based triggers - where you select which directory path should be tracked and trigger a run. One example here would be to track changes in the `modules` directory in each workspace.
  - git tag based triggers - a run will only be triggered when the indicated git tag is published.
  - you also have the option to always trigger runs, whenever changes are made to any file in the repository.
When setting up your Terraform Cloud organisation and workspaces it is good to assess and implement triggers that are right for your use case and take advantage of all the features offered by Terraform Cloud.
Migrate your existing Terraform infrastructure to Terraform Cloud
First, let's start with the prerequisites:
- Make sure you have [Terraform CLI 1.1](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) or higher installed
- *Set up a Terraform Cloud account*
Migrating existing state to Terraform Cloud:
- Replace your backend config with:

```hcl
terraform {
  # The cloud block goes inside the terraform block, where the backend block used to be
  cloud {
    organization = "ORGANIZATION-NAME"

    workspaces {
      name = "staging"
    }
  }
}
```

and remove your backend config:

```hcl
backend "s3" {
}
```

Run `terraform init`.

Log in to Terraform Cloud in the CLI by running `terraform login`.

You will be taken to the Terraform Cloud website, where you will create an API token that you need to copy and paste into your command line.
- (optional) Set up version control - you can set this either for a workspace or for the whole organisation
- Set up the correct working directory, i.e. `terraform/infrastructure`
- After verifying that Terraform migrated your state to Terraform Cloud, remove your local state file.
- (optional) Create variable sets with variables that are shared across the organisation (note that these can still be overwritten in a workspace if necessary)
- (optional) Migrate workspace `.tfvars` variables and assign them values in Terraform Cloud.
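
A check for the state cleanup step above, added here as an example and not part of the original post: it lists non-empty state files and backups still on disk under a directory and reports whether git tracks them, since Terraform state stores resource attributes, secrets included, in plaintext. The function names `find_local_state` and `state_is_clean` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.
# Terraform state keeps resource attributes in plaintext, secrets included,
# so state files left on disk after the migration are worth hunting down.

# find_local_state DIR
# Prints "<status> <path>" for every non-empty state file or backup under DIR.
#   tracked   - the file is committed to git, so history needs cleaning too
#   untracked - the file only exists on disk
# .terraform/ is pruned: it holds Terraform's own working data (backend
# settings, providers), not your infrastructure state.
find_local_state() {
  find "${1:-.}" -type d -name .terraform -prune -o \
    -type f \( -name '*.tfstate' -o -name '*.tfstate.*' \) -size +0 -print |
  sort |
  while IFS= read -r f; do
    if git -C "$(dirname "$f")" ls-files --error-unmatch \
         "$(basename "$f")" >/dev/null 2>&1; then
      echo "tracked $f"
    else
      echo "untracked $f"
    fi
  done
}

# state_is_clean DIR: exit status 0 when nothing is left behind, 1 otherwise.
state_is_clean() {
  [ -z "$(find_local_state "${1:-.}")" ]
}
```

Source the file and run `find_local_state terraform/infrastructure` from the repository root; a `tracked` result means the file also has to be removed from git history, not just from disk.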
What about the cost?
There is often a misconception that migrating to and using Terraform Cloud means paying a lot. In fact the opposite is true: if you are working in a small team and do not need access to advanced features such as team management and policy as code (Sentinel), you can use the free plan, which allows up to 5 users. This lets your organisation assess whether it's the right tool without incurring any cost.
Top comments (2)
Disclaimer: Developer Advocate @ Spacelift
There are many advantages to moving to a specialized CI/CD platform for IaC. With the recent updates in Terraform Cloud's pricing, many people are reluctant to change because they don't know the alternatives.
With Spacelift, you will not only get Terraform support, but you can use other IaC tools in the platform (Kubernetes, Ansible, Pulumi, CloudFormation). You can look at a price and feature comparison here and if you are already on Terraform Cloud and you want to migrate, you can follow this 10-minute guide and you will have all of your workspaces migrated.
Moving from just Terraform to Terraform Cloud has tons of advantages. It is important to mention other alternatives such as env0, which also supports Terragrunt and not just Terraform. Also, Atlantis open-source is totally free and has some capabilities.