First, let’s talk about Infrastructure as Code (IaC).
Like the name suggests, Infrastructure as Code is the process of provisioning infrastructure using code. It is a way to automate the creation of the topology needed to run your application.
Think of Infrastructure as a broad term. It can be anything from virtual machines to Kubernetes clusters to storage buckets. Code in this context refers to the language used for writing the automation. The most common ones are JSON, YAML and HashiCorp Language Format (HCL).
Automating your infrastructure has great advantages. Some of my favorite are:
Consistency. Consistency is the name of the game on IaC. Ad-hoc changes to infrastructure can cause a mismatch between development, staging and production environments.
Dynamic provisioning. Infrastructure is transient. When it’s automated, it becomes easier to provision and deprovision resources according to load.
Reproducible environments. Spinning up a sandbox for tests with a certain configuration usually takes a few minutes and has very little human intervention.
Documented infrastructure. The IaC code works as an always up-to-date documentation of your infrastructure. Tools like Git will also give you an audit trail and bring collaboration aspects to it.
It gives you the power to manage - build, update and destroy - infrastructure using IaC principles.
Terraform uses the HCL language. With HCL, you declare a blueprint of how you want your infrastructure to look like. Terraform will read that blueprint and provision all the resources you declared.
This is how an HCL file looks like:
In the example above we are informing Terraform that Amazon Web Services (AWS) is our provider of choice. We are also declaring a resource: a private S3 bucket.
One very important concept from Terraform are providers.
Providers are the glue between the Terraform CLI and other systems. They work like plugins and live separately from Terraform.
With providers, Terraform is able to connect to cloud vendors (e.g. Google Cloud Platform, AWS), PaaS solutions (e.g. Heroku, Kubernetes) and SaaS applications (e.g. Fastly, GitHub).
Terraform keeps track of your infrastructure though a state file.
The state file is the source of truth for your architectural elements. It contains all the resources created by Terraform, plus any metadata needed to make Terraform work.
When you update your configuration - your HCL files - you are declaring a new desired state.
Terraform’s job is to turn that desired state into real-world. It is going to match your current state - state file - and your desired state - your configuration - and come up with a plan of execution.
The plan contains information about what needs to be created, updated or deleted on the infrastructure. Dependencies between resources are solved using a dependency graph. With everything in place, Terraform will then call all the APIs necessary to build and manage all the resources.
Let’s go back to our first example.
Imagine we change the bucket ACL from
public-read. Here’s what Terraform would do:
- Compares the current state with the desired state;
- Sees that the ACL of the bucket has changed;
- Creates a plan - 1 resource needs to be updated;
- Calls the AWS S3 endpoints to update the bucket ACL.
Will it simply update the ACL to
public-read? Will it delete the bucket and create a new one?
That depends on which type of resource is modified. In general, Terraform is smart enough to only destroy and recreate resources when absolutely needed.
..or startup, or side project?
Terraform does bring an additional complexity to your workflow. HCL is a new language to learn. The command line tool is still fairly new compared to other IaC solutions and it still shows a few rough edges.
That being said, once you master Terraform, it becomes an indispensable tool. Managing infrastructure with code can actually feel easier and safer than poking around on buttons in a cloud provider dashboard.
That’s it for an introduction, thanks for reading!
This post was originally published on HYPERFOO, go there for more!
Cover background by Paweł Czerwiński on Unsplash