One of the most important tools we use is Hashicorp Terraform. This post is the first of our multi-part series featuring Terraform. In this series we will go through:
- Overview of Terraform and Benefits of Infrastructure as Code
- Getting started guide for Terraform
- Best Practices for Managing Terraform
DevOps practices are adopted in order to increase the velocity that code is delivered through making it simple and automated to deploy your applications/systems, regardless if enhancements to those systems require new infrastructure pieces to be added. Terraform fills an important gap here for DevOps in making provisioning new cloud infrastructure simple and repeatable.
Hashicorp Terraform is an open source Infrastructure as Code tool which can be used to provision infrastructure across multiple clouds.
While individual cloud providers such as AWS and Azure have tools like Cloudformation and Azure Resource Manager respectively, we prefer to use cloud agnostic tools like Hashicorp Terraform.
We will discuss the benefits of using a generic tool like Terraform below, but first let’s talk a little about why Infrastructure as Code is so important to a company's cloud operation strategy.
Before Infrastructure as Code tools, managing IT infrastructure in the cloud was very similar to managing on premise infrastructure: very manual and unwieldy.
For companies who have very large workloads on AWS or other public cloud providers the number of resources in their cloud becomes very difficult to manage manually. Using Infrastructure as Code like Terraform provides a number of benefits to software organizations:
Consistency across environments: Since you are defining all of your infrastructure in terraform modules or templates, it is easy to reapply this same template with slightly different variables. This is ideal for a proper DevOps environment and following 12 factor app best practices which call for consistency across development/staging/production environments.
Configuration Consistency: Since modules are versioned and reused, you can continually improve these modules over time. Terraform modules can be used to define typical architecture for an organization’s preferred application stacks. For example if they commonly use AWS and write code in Django or NodeJS they can have a module which defines an RDS DB, a load balancer, launch configuration, etc. Improving these modules as you continue to work with them provides great efficiency
Self Documenting Infrastructure: As organizations grow, it can become difficult to spread the knowledge of the architecture in use. Often times this information is in the minds of a few key engineers on the team. When using an Infrastructure as Code tool like Hashicorp Terraform, the code itself can serve as a clear description of the desired state of the architecture/infrastructure. This can make it easier to bring new engineers into an organization and quickly understand how things are managed and deployed
Developer Efficiency: With an Infrastructure as Code tool, common tasks are easily repeatable and making changes can be completed, tested, and deployed very quickly. Tasks such as adding an Elasticache instance or making a change to a VPC network can be done with just a quick code update
Terraform was created by a company called Hashicorp and originally launched in 2014. Terraform is written in Go and it is used to build, change, and version infrastructure across many different cloud providers.
It is compatible with many different providers, from the major ones such as Amazon AWS, Azure, and GCP to other tools like Gitlab, Github, and Digital Ocean. A full list of providers can be found at: https://www.terraform.io/docs/providers/index.html
Terraform comes in both open source and enterprise flavors. In this article, we will focus mainly on the open source version although many principles apply to both.
Terraform “code” is a series of configuration files written in HCL (Hashicorp Configuration Language) which describe a desired state of provisioned infrastructure (aka a declarative infrastructure tool). As an example of what this means: we may have a terraform file which describes creating a VPC in AWS as well as attaching an internet gateway to it.
This configuration file is descriptive of the desired state and when terraform code runs it automatically will compare the current state vs the desired state to determine what operations need to be run. This is different than many other tools which describe those steps specifically. In our opinion, this is one of the features that makes Terraform so great, you can just describe how you’d like things to be and not have to worry about different environments/applications needing a different set of operations to be run.
The HCL language is meant to be interoperable with json and both human and machine friendly. We feel that Terraform is also very strong in this area, as when used correctly it is simple enough for novices to follow what is happening but is capable of being used to manage fleets of servers
With just some basic configuration files written in HCL we have been able to manage thousands of cloud resources with a very small number of operators.
While there are many things that must be learned to use Terraform in a secure, mature, and scalable manner we hope this guide will get you started.
The next article in this series will cover some basic examples of Terraform in AWS for your consumption. We hope by discussing the patterns we've adopted that you will be able to build on our knowledge and previous mistakes.