HashiCorp Infrastructure Automation Certification Guide E-Book

HashiCorp Infrastructure Automation Certification Guide

Pass the Terraform Associate exam and manage IaC to scale across AWS, Azure, and Google Cloud

Ravi Mishra

BIRMINGHAM—MUMBAI

HashiCorp Infrastructure Automation Certification Guide

Copyright © 2021 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Wilson D'souza

Publishing Product Manager: Vijin Boricha

Senior Editor: Shazeen Iqbal

Content Development Editor: Romy Dias

Technical Editor: Shruthi Shetty

Copy Editor: Safis Editing

Project Coordinator: Shagun Saini

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Aparna Bhagat

First published: July 2021

Production reference: 1140721

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80056-597-5

www.packt.com

I would like to dedicate this book to my sweet and lovely daughter, Kaira Mishra, expecting her to be reading this book in the near future.

Contributors

About the author

Ravi Mishra (born in 1988) is a multi-cloud architect with a decade of experience in the IT industry. He started his career as a network engineer, then later, with time, he got the opportunity to work in the cloud domain, where he worked his hardest to become an expert in cloud platforms such as AWS, Azure, GCP, and Oracle. Along with the cloud, he has also developed a skillset in DevOps, containerization, Kubernetes, and Terraform. This was what inspired him to write this book.

Ravi has an electronics engineering degree, with a postgraduate diploma in IT project management.

Throughout his career, he has worked with multiple global MNCs.

He has more than 35 cloud certifications, including as a Microsoft Certified Trainer and a public speaker. You can find him on LinkedIn as inmishrar.

Thanks to almighty God, who has given me the power and notion to draft this book.

Special thanks to my wife, Kavita Mishra, for her continued support and encouragement with everything that I do. I genuinely appreciate what you have done for us and I love you.

To my parents, Anil Mishra and Sarita Mishra, for their blessings throughout my life.

To my brother, Ratnesh Mishra, Hamid Raza (my Guru), and the whole Packt team, who helped me during this entire journey.

About the reviewers

Clara McKenzie is currently a support engineer for Terraform at HashiCorp with a long career in software, specializing in networking and embedded platforms. Born in San Francisco, she studied mathematics at Reed College in Portland, Oregon. Her work adventures include setting up the NFS/RPC group at Sun Microsystems, the NetWareForMac team at Novell, the Core Software Team at Ascend Communications, the Gracenote SDK Team, and creating test scenarios for Planets Dove Satellites. She goes by the name cemckenzie on GitHub.

Mehdi Laruelle is an automation and cloud consultant. Mehdi has had the opportunity to work for several years for major players in the industry. He has worked with DevOps culture and tools leading him to use HashiCorp software such as Terraform, Vault, and Packer. Knowledge is a passion that he likes to share, whether through training, articles, or meetups. He is the co-organizer of the HashiCorp User Group France meetup. This has led to him being recognized as a HashiCorp Ambassador and AWS Authorized Instructor (AAI).

Table of Contents

Preface

Section 1: The Basics

Chapter 1: Getting to Know IaC

Technical requirements

Introduction to IaC

Advantages of IaC

Simple and speedy

Configuration consistency

Risk minimization

Increased efficiency in software development

Cost savings

Introduction to Terraform

What is Terraform?

Features of Terraform

Terraform use cases

A comparison with other IaC

CloudFormation versus Terraform

Azure ARM templates versus Terraform

Google Cloud Deployment Manager versus Terraform

An understanding of Terraform architecture

Terraform Core

Terraform plugins

Summary

Questions

Further reading

Chapter 2: Terraform Installation Guide

Technical requirements

Installing Terraform on Windows

Downloading Terraform

Installing Terraform on Linux

Downloading Terraform

Installing Terraform on macOS

Downloading Terraform

Summary

Questions

Further reading

Section 2: Core Concepts

Chapter 3: Getting Started with Terraform

Technical requirements

Introducing Terraform providers

Terraform providers

Knowing about Terraform resources

Terraform resources

Understanding Terraform variables

Terraform variables

Understanding Terraform output

Terraform output

Understanding Terraform data

Terraform data sources

Summary

Questions

Further reading

Chapter 4: Deep Dive into Terraform

Technical requirements

Introducing the Terraform backend

Terraform state

The purpose of the Terraform state file

Terraform backend types

Understanding Terraform provisioners

Terraform provisioner use cases

Terraform provisioner types

Understanding Terraform loops

The count expression

The for_each expression

The for expression

Understanding Terraform functions

Understanding Terraform debugging

Summary

Questions

Further reading

Chapter 5: Terraform CLI

Technical requirements

Introduction to the Terraform CLI

Integrating with Azure

Authentication using a Service Principal and a Client Secret

Provisioning Azure services using Terraform

Integrating with AWS

Authentication using an access key ID and secret

Provisioning AWS services using Terraform

Integrating with GCP

Authentication using a Google service account by storing credentials in a separate file

Provisioning GCP services using Terraform

Understanding the Terraform CLI commands

Summary

Questions

Further reading

Chapter 6: Terraform Workflows

Technical requirements

Understanding the Terraform life cycle

Terraform init

Terraform validate

Terraform plan

Terraform apply

Terraform destroy

Understanding Terraform workflows using Azure DevOps

Summary

Questions

Further reading

Chapter 7: Terraform Modules

Technical requirements

Understanding Terraform modules

source

version

Writing Terraform modules for Azure

Writing Terraform modules for AWS

Writing Terraform modules for GCP

Publishing Terraform modules

Key requirements

Publishing a module

Summary

Questions

Further reading

Section 3: Managing Infrastructure with Terraform

Chapter 8: Terraform Configuration Files

Technical requirements

Understanding Terraform configuration files

Terraform native configuration syntax

Terraform override file

JSON configuration syntax

Data types

Terraform style conventions

Writing Terraform configuration files for GCP

Writing Terraform configuration files for AWS

Writing Terraform configuration files for Azure

Summary

Questions

Further reading

Chapter 9: Understanding Terraform Stacks

Technical requirements

Understanding Terraform stacks

Writing Terraform stacks for GCP

Writing Terraform stacks for AWS

Writing Terraform stacks for Azure

Summary

Questions

Further reading

Chapter 10: Terraform Cloud and Terraform Enterprise

Technical requirements

Introducing Terraform Cloud

Terraform Cloud workflow

Understanding Terraform Enterprise

Overviewing Terraform Sentinel

Comparing different Terraform features

Summary

Questions

Further reading

Chapter 11: Terraform Glossary

Assessments

Other Books You May Enjoy

Preface

Terraform is in huge demand in the IT market. There is a serious question about managing the IT infrastructure in code format. So, Terraform is an option for users that can help to build, configure, and manage the infrastructure.

This book provides you with a walkthrough from the very basics of Terraform to an industry expert level. It is a comprehensive guide that starts with an explanation of Infrastructure as Code (IaC), mainly covering what Terraform is and what the advantages of using Terraform are. Moving further, you will be able to set up Terraform locally in your system. In the next phase, you will get a thorough understanding of the different blocks, such as providers, resources, variables, output, and data, used in Terraform configuration code.

This book provides details of the Terraform backend, provisioners, loops, and inbuilt functions, and how to perform debugging with Terraform. In this book, you will learn how to integrate Terraform with Azure, AWS, and GCP. Along with integration, you will also be able to write Terraform configuration files covering all the three major clouds, which make up the best part of this book, so that you get a proper understanding of different use cases in all the major clouds, that is, Azure, AWS, and GCP. We also explain the complete Terraform life cycle, covering init, plan, apply, and destroy, which will help you to get an understanding of the Terraform workflow with CI/CD tools.

In the expert section of this book, we will discuss Terraform stacks and modules. In this section, you will understand how effectively you can write modules and combine those modules to build a complex stack covering all three clouds – Azure, AWS, and GCP. This helps users to manage huge enterprise-level infrastructure easily and effectively.

This book also covers Terraform products such as Terraform Enterprise and Terraform Cloud. You will get an understanding of the different features of Terraform Enterprise and Terraform Cloud. You will also get a great understanding of Sentinel, which is policy as code that can be implemented to ensure infrastructure is getting provisioned as per the necessary compliance before infrastructure actually gets provisioned into cloud providers such as Azure.

Overall, this book provides great learning for you about Terraform and using Terraform and how effectively you can use it to build and manage your enterprise-level infrastructure. Not only this, but with this book you can also get yourself prepared for the Terraform Associate exam and easily crack the exam.

Who this book is for

This book is designed for those who are planning to take the Terraform Associate exam. It is good for developers, administrators, and architects who are keen to learn about IaC, that is, Terraform. This doesn't mean that it restricts others from learning. Anyone who wishes to explore and learn about the HashiCorp product Terraform can read this book and get great learning from it.

What this book covers

Chapter 1, Getting to Know IaC, looks at IaC, which is basically a way of writing infrastructure in a code format so that the whole deployment of the infrastructure, its updating, and its manageability can be performed easily. Terraform is an IaC product from HashiCorp.

This chapter will cover topics that include the definition of IaC and its benefits. This chapter will also include an introduction to Terraform and a comparison with other IaC options such as AWS CloudFormation and Azure ARM templates. We will also discuss Terraform architecture and the workings of Terraform, which will help you to get a thorough understanding of how Terraform is used.

Chapter 2, Terraform Installation Guide, covers Terraform installation; before we start working with Terraform and get our hands dirty by writing Terraform configuration code, we need to have terraform.exe files installed on our system.

This chapter is one of the foundational pillars for learning about Terraform. It will cover how a user can install terraform.exe on their local machine, whether it is a macOS, Linux, or Windows system. Not only this, but it will also provide information on how you can validate the presence of Terraform in your local system.

Chapter 3, Getting Started with Terraform, discusses how writing Terraform configuration code with proper syntax is very important. This chapter consists of the core concepts of Terraform. When we need to write Terraform configuration code, we need to define it with some building blocks such as resources, data, variables, outputs, and providers. In this chapter, we will be discussing the different blocks used in Terraform configuration code and how a user can define and use them in the real world.

Chapter 4, Deep Dive into Terraform, looks at how there are many things that need to be taken care of, such as the state file of Terraform. The state file may hold some sort of confidential data of your infrastructure, so it needs to be stored securely.

This chapter will cover topics including use cases of the Terraform backend and how it can be used for storing the state file. In this chapter, we are also going to talk about Terraform provisioners and their use cases.

Like other programming languages, Terraform also supports different types of loops that can be used while writing the Terraform configuration file. In this chapter, we will also talk about some important topics such as different loops supported by Terraform and Terraform inbuilt functions that help to convert respective values into the required format. Along with this, we will explain how you can perform debugging in Terraform.

Chapter 5, Terraform CLI, looks at how if you wish to deploy infrastructure in Azure, AWS, or GCP using Terraform, then how you can provision them. To do that, we need to get our Terraform CLI authenticated to respective clouds.

This chapter will talk about different authentication methods used by the Terraform CLI for cloud providers such as Azure, AWS, and GCP. Not only this, but it will also cover different Terraform CLI commands and their uses.

Chapter 6, Terraform Workflows, covers how it is important for us to understand how Terraform is used to perform workflows and how it is used to manage its life cycle. We also need to understand the importance of the Terraform life cycle.

This chapter will cover the core workflow of Terraform, which includes creating a Terraform configuration file (Write), previewing the changes (Plan), and then finally committing those changes to the target environment (Apply). Once we are done with the creation of the resources, we might be required to get rid of those infrastructures (Destroy). In a nutshell, we plan to cover Terraform core workflows that mainly consist of init, plan, apply, and destroy and the respective subcommands and their outputs. This chapter also covers how we can use CI/CD tools such as Azure DevOps with Terraform.

Chapter 7, Terraform Modules, discusses how managing a large infrastructure is a challenging task for the administrator. So, we need to have some solution so that it could be easy for the administrator to manage the whole infrastructure using Terraform. So, for better understanding, in this chapter, we will cover how you can create a module and reuse that module while drafting Terraform configuration files.

Chapter 8, Terraform Configuration Files, explains that when writing Terraform configuration files, following the correct syntax and industry best practices is very important. This chapter will cover different types of configuration files, that is, JSON files and HCL files. We are also going to talk about what industry best practices can be followed while writing a Terraform configuration file for major cloud providers such as AWS, Azure, and GCP. We will discuss how you can use different blocks such as resources, data sources, locals, variables, and modules in the Terraform configuration file.

Chapter 9, Understanding Terraform Stacks, looks at how sometimes it is required to deploy a very large enterprise-level infrastructure, and writing Terraform configuration code for it would be very lengthy, so we need to think about how we can shorten the length of the code and make it reusable.

In this chapter, we are going to cover Terraform stacks, which are nothing but a collection of modules. We are also going to discuss some best practices of preparing stacks and modules for cloud providers such as AWS, GCP, and Azure.

Chapter 10, Terraform Cloud and Terraform Enterprise, covers different products of Terraform, that is, Terraform Cloud and Terraform Enterprise. We will discuss different source control, such as GitHub, that can be integrated with Terraform Cloud to get Terraform configuration files. We will also discuss Terraform Sentinel, that is, policy as code. Sometimes it is essential to ensure that our infrastructure is provisioned as per compliance and Terraform Sentinel features that are available in most enterprise products of HashiCorp, such as Vault Enterprise, Nomad Enterprise, Consul Enterprise, Terraform Cloud, and Terraform Enterprise, to help us to set up a policy to check and validate before the actual deployment of infrastructure happens. Furthermore, we will see the different features that are present in Terraform Cloud and Enterprise as compared to the Terraform CLI.

Chapter 11, Terraform Glossary, is the most interesting chapter of the entire book. Almost everyone wants to have a quick revision of the keywords used in the book. So, this chapter will talk about different Terraform acronyms used in the book.

To get the most out of this book

It is always good for you to have a basic understanding of different cloud services, such as AWS, GCP, and Azure. Along with this, you should have some knowledge about DevOps tools such as Azure DevOps and GitHub. Additionally, some experience with writing scripting such as PowerShell or Bash would be beneficial. However, the code samples in this book have been written using the HashiCorp Configuration Language.

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Irrespective of whether you are sitting the HashiCorp Infrastructure Automation Terraform Associate Certification exam, it is recommended to attempt the assessment questions after completing all the chapters. This will be a good way to assess the knowledge absorbed from the content of the book.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/HashiCorp-Infrastructure-Automation-Certification-Guide. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Code in Action

Code in Action videos for this book can be viewed at https://bit.ly/3wrqAoP.

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/9781800565975_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "This step is skipped if terraform init is run with the -plugin-dir=<PATH> or -get-plugins=false options."

A block of code is set as follows:

# Configure the Microsoft Azure provider

provider "azurerm" {

  version            = "=2.20.0"

  features {}

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

  subscription_id    = "...."

  client_id          = "...."

  client_secret      = "...."

  tenant_id          = "...."

} 

Any command-line input or output is written as follows:

 mkdir terraform && cd terraform

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Now you need to set the environment variable path for Terraform.exe, and to do that, go to This PC, right-click on it, and go to Properties | Advance system settings | Environment Variables."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you've read HashiCorp Infrastructure Automation Certification Guide, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.

Section 1: The Basics

Section 1 aims to introduce you to the basics of Infrastructure as Code (IaC), comparing other IaC options such as ARM templates and AWS CloudFormation to Terraform and how Terraform can be used to provision infrastructure. You will also get an understanding of how Terraform can be set up on a local system.

The following chapters will be covered under this section:

Chapter 1: Getting to Know IaC

In this chapter, we are going to discuss what Infrastructure as Code (IaC) is in detail. We will be discussing the benefits of using IaC. Furthermore, we will start describing the basics of Terraform, and then undertake a comparison of Terraform with other available IaC options, including AWS CloudFormation, Azure Resource Manager (ARM), and Google Cloud Deployment Manager. Moving on, we will then discuss Terraform architecture.

Throughout this chapter, we will be focusing on Terraform for major cloud providers, including GCP, AWS, and Azure. The whole chapter will help you in terms of achieving a fair understanding of Terraform (IaC) and how you can overcome the old lego system of executing manual changes to your environment. This will help you get an idea of how you can start using Terraform for infrastructure automation in your organization.

The following topics will be covered in this chapter:

Technical requirements

To follow along with this chapter, you need to have a basic knowledge of different IaC options, including ARM templates and AWS CloudFormation, while a basic knowledge of major cloud providers, such as GCP, AWS, and Azure, will be beneficial.

Introduction to IaC

Before learning about Terraform, let's try to understand what it basically means for us and how it helps make users' lives easier in the IT industry. The first thing that always comes to consumers' minds is that when they need an IT infrastructure, for example, if they want a virtual machine, they need to raise a ticket on some ticket portal such as ServiceNow, and someone from the backend would log in to that ticketing portal and take that ticket from the queue and deploy the virtual machine for the consumer, either in VMware or a HyperV environment through the management portal using some click jobs. That is the traditional approach for infrastructure deployment, which is somewhat fine if they need to manage infrastructure in their private data center and there is very little possibility of performing scaling of those deployed resources, which means once it gets provisioned, after that no one is requesting further changes to the created resource.

In all these cases, it is fine if they easily go ahead and perform all the operations manually but what about if they need to deploy a very large infrastructure consisting of more repeatable work in the cloud? Then it would be a really tedious job for the administrator to provision those resources manually and also it is a very time-consuming job for them. So, to overcome this challenging situation, most cloud vendors have come up with an approach of IaC, which is mostly an API-driven approach. Most cloud vendors have published APIs for all their resources. Using that API, we can easily get the resource deployed in the cloud.

Nowadays, as most customers are moving toward the cloud, and as we all know, cloud platforms provide us with more elasticity and scalability in terms of their infrastructure, this means you can easily utilize the resources and pay for what you use; you don't need to pay anything extra. Just think down the line of an administrator needing to perform the scaling up and down of resources and how difficult it would be for them. Let's suppose there are 1,000 resources that need to be scaled up during the day and scaled down at night.

In this case, consumers need to raise 1,000 tickets for performing the scale-up and again 1,000 more tickets for scaling down, which means by the end of the day, the system administrator who is managing the infrastructure will get flooded with so many requests and it would be really impossible for them to handle this. So, here we have something called IaC, which is a way of deploying or managing the infrastructure in an automated way. All the resources that need to be managed will be defined in code format and we can keep that code in any source control repository, such as GitHub or Bitbucket. Later, we can apply a DevOps approach to manage our infrastructure easily. There are many advantages of using IaC; we are going to discuss a few of them.

Advantages of IaC

Let's discuss a few of the advantages of using IaC.

Simple and speedy

Using IaC, you would able to spin up a complete infrastructure architecture by simply running a script.

Suppose you need to deploy infrastructure in multiple environments, such as development, test, preproduction, and production. It would be very easy for you to provision it with just a single click. Not only this, but say you need to deploy the same sort of infrastructure environments in other regions where your cloud provider supports backup and disaster recovery.

You can do all this by writing simple lines of code.

Configuration consistency

The classical approach of infrastructure deployment is very ugly because the infrastructure is provisioned and managed using a manual approach that helps to maintain some consistency in the infrastructure deployment process. But it always introduces human error, which makes it difficult to perform any sort of debugging.

IaC standardizes the process of building and managing the infrastructure so that the possibility of any errors or deviations is reduced. Definitely, this will decrease any incompatibility issues with the infrastructure and it will help you to run your application smoothly.

Risk minimization

When we were managing infrastructure manually, it was observed that only a handful of Subject Matter Experts (SMEs) knew how to do it and the rest of the team members remained blank, which introduces dependency and security risks for the organization. Just think of a situation where the person who is responsible for managing the complete infrastructure leaves the organization; that means whatever they knew they might not have shared with others or they may not have updated the documents. At the end of the day, risk has been introduced to the organization because that employee is leaving. Many times, in such cases, the organization needs to undergo some reverse engineering to fix any issues.

This challenging situation can be controlled by using IaC for the infrastructure. IaC will not only automate the process, but it also serves as a form of documentation for your infrastructure and provides insurance to the company in cases where employees leave the company with institutional knowledge. As you know, we generally keep IaC to source control tools such as Azure Repos or GitHub. So, if anyone makes any configuration changes to the infrastructure, they will get recorded in the source control repository. So, if anyone leaves or goes on vacation, it won't impact the manageability of the infrastructure because the version control tool will have kept track of the changes that have been performed on the infrastructure and this would definitely reduce the risk of failure.

Increased efficiency in software development

Nowadays, with the involvement of IaC for infrastructure provisioning and managing, developers get more time to focus on productivity. Whenever they need to launch their sandbox environments to develop their code, they are easily able to do so. The quality analyst (QA) will be able to have a copy of the code and test it in separate environments. Similarly, security and user acceptance testing can also be done in different staging environments. With a single click, both the application code and infrastructure code can be done together following Continuous Integration and Continuous Deployment (CI/CD) techniques.

Even if we want to get rid of any infrastructure, we can include an IaC script that will spin down the environments when they're not in use. This will shut down all the resources that were created by the script. So, we won't end up performing a cleanup of the orphan resources that are not in use. All this would help to increase the efficiency of the engineering team.

Cost savings

IaC would definitely help to save costs for the company. As we mentioned earlier, IaC script can help us create and automate the infrastructure deployment process, which allows engineers to stop doing manual work and start spending more time in performing more value-added tasks for the company, and because of this, the company can save money in terms of the hiring process and engineers' salaries.

As we mentioned earlier, IaC script can automatically tear down environments when they're not in use, which will further save companies cloud computing costs.

After getting a fair understanding of IaC and the benefits of using it, let's move ahead and try to learn some details about one IaC technology – Terraform.

Introduction to Terraform

Welcome to this introductory guide to Terraform. For anyone who is new to Terraform and unaware of what it is, as well as for the purpose of comparison with other IaC tools that are currently associated with major cloud providers including AWS, Azure, and Google, we believe that this is the best guide to begin with. In this guide, we will be focusing on what Terraform is and what problems it can solve for you, undertaking a comparison with other software tools, including ARM templates, AWS CloudFormation, and Google Cloud Deployment Manager, and explaining how you can start using Terraform effectively in your day-to-day jobs related to the provisioning and maintenance of your IT infrastructure.

What is Terraform?

Terraform is one of the open source tools that was introduced to the market by HashiCorp in 2014 as IaC software (IaC means we can write code for our infrastructure) that is mainly used for building, changing, and managing infrastructure safely and efficiently. Terraform can help with multi-cloud environments by having a single workflow, in other words, terraform init, terraform plan, terraform apply, and so on, for all clouds. The infrastructure that Terraform manages can be hosted on public clouds such as AWS, Microsoft Azure, and GCP, or on-premises in private clouds such as VMware vSphere, OpenStack, or CloudStack. Terraform handles IaC, so you never have to worry about your infrastructure drifting away from its desired configuration.

Terraform mainly uses Terraform files ending with .tf or .tf.json that hold detailed information about what infrastructure components are required in order to run a single application or your entire data center. Terraform generates an execution plan, which describes what it is going to do to reach the desired state, and then executes it to build the infrastructure described. If there is any change in the configuration file, Terraform is able to determine what has been changed and create incremental execution plans that can be applied.

Terraform can not only manage low-level components, such as compute instances, storage, and networking; it can also support high-level components, such as DNS and SaaS features, provided that the resource API is available from the providers.

After learning about what Terraform is, you might have one more question in your mind: what exactly makes this Terraform so popular? To answer that question, first and foremost, Terraform is cloud-agnostic, which means you can provision or manage your infrastructure in any cloud platform. The second thing that makes Terraform very much in demand is its standard workflow. You don't need to remember N number of parts of the workflow; a simple init, plan, and apply from Terraform's point of view would be enough and it is the same across any platform. The third factor is the Terraform syntaxing. Terraform uses uniform code syntaxing whether you work on any cloud or on-premises. There are many more exceptional factors that could encourage enterprise customers to start using Terraform.

Features of Terraform

Let's now try to get an understanding of all of Terraform's features, which are pushing up market demand for the product.

Infrastructure as code

Infrastructure is defined in a code format based on proper syntax in a configuration file that can be shared and reused. The code defined in the configuration file will provide a blueprint of your data center or the resource that you are planning to deploy. You should be able to deploy a complete infrastructure from that configuration file following the Terraform workflow.

Execution plans

The Terraform workflow has three steps – init, plan, and apply. During the planning step, it generates an execution plan. The execution plan gives you information about what Terraform will do when you call apply. This means you do not get any sort of surprise when you perform terraform apply.

Note

We are going to cover in detail the Terraform workflow in the upcoming chapters. So, stay tuned.

Resource graph

Terraform builds a graph of all your resources and parallelizes the creation and modification of any non-dependent resources. Because of this resource graph, Terraform manages to build infrastructure as efficiently as possible that is sufficiently intelligent to understand dependencies in its infrastructure.

Changing automation

Complex changes to your defined infrastructure can be applied with minimal humaninteraction. With the aforementioned execution plan and resource graph, you know exactly what Terraform will change and in what order, thereby avoiding multiple possible human errors.

Terraform use cases

As we have got to know what Terraform is, let's now learn about some of the use cases of Terraform in the enterprise world. A few of them have been discussed as follows.

Heroku app setup

Heroku is one of the most popular Platforms as a Service (PaaS) for hosting webapps. Developers use it to create an app and then attach other services, such as a database or email provider. One of the best features of the Heroku app is its ability to elastically scale the number of dynos or workers. However, most non-trivial applications quickly require many add-ons and external services:

Figure 1.1 – Heroku app architecture

By using Terraform, entire things that are required for a Heroku application setup could be codified in a configuration file, thereby ensuring that all the required add-ons are available, and the best part of this is that with the help of Terraform, all of this can be achieved in just 60 seconds. Any changes requested by the developer in the Heroku app can be actioned immediately using Terraform, whether it be a complex task related to configuring DNS to set a CNAME or setting up Cloudflare as a content delivery network (CDN) for the app, and so on and so forth.

Multi-tier applications

N-tier architecture deployment is quite common across the industry when thinking about the required infrastructure for an application. Generally, two-tier architecture is more in demand. This is a pool of web servers and a database tier. As per the application requirements, additional tiers can be added for API servers, caching servers, routing meshes, and so on. This pattern is used because each tier can be scaled independently and without disturbing other tiers:

Figure 1.2 – N-tier application architecture

Now, let's try to understand how Terraform can support us in achieving N-tier application infrastructure deployment. In the Terraform configuration file, each tier can be described as a collection of resources, and the dependencies between the resources for each tier can either be implicit or we can define them explicitly so that we can easily control the sequence of the resource deployment. This helps us to manage each tier separately without disturbing the others.

Self-service clusters

In a large organization, it's quite challenging for the central operation team to provide infrastructure to the product team as and when needed. The product team should be able to create and maintain their infrastructure using tooling provided by the central operations team:

Figure 1.3 – Self-service cluster

In the preceding requirement, the entire infrastructure can be codified using Terraform, which will focus on building and scaling the infrastructure, and a Terraform configuration file can be shared within an organization, enabling product teams to use the configuration as a black box and use Terraform as a tool to manage their services. During deployment of the infrastructure, if the product team encounters any issues, they can reach out to the central operations team for help and support.

Software demos

Nowadays, software development is increasing by the day, and it is very difficult to get the infrastructure required to test that software. We have tools such as Vagrant at our disposal to help us build virtualized environments, and while you may be able to use that environment for demonstration purposes, it is really difficult to perform software demos directly on production infrastructure:

Figure 1.4 – Software demo example

A software developer can provide a Terraform configuration to create, provision, and bootstrap a demo on cloud providers such as Azure, GCP, and AWS. This allows end users to easily demo the software on their infrastructure, and it even allows them to perform scale-in or scale-out of the infrastructure.

Disposable environments

In the industry, it is quite common to have multiple landscapes, including production, staging, or development environments. These environments are generally designed as a subset of the production environment, so as and when any application needs to be deployed and tested, it can easily be done in the smaller environment; but the problem with the increase in complexity of the infrastructure is that it's very difficult to manage it:

Figure 1.5 – Multiple environments

Using Terraform, the production environment that you constructed can be written in a code format, and then it can be shared with other environments, such as staging, QA, or dev. This configuration code can be used to spin up any new environments to perform testing, and can then be easily removed when you are done testing. Terraform can help to maintain a parallel environment and it can provide an option in terms of its scalability.

Software-defined networking

Software-Defined Networking (SDN) is quite famous in data centers, as it allows operators to operate a software-defined network very smoothly and developers are able to develop their applications, which can easily be run on top of the network infrastructure provided. The control layer and infrastructure layer are the two main components for defining a software-defined network:

Figure 1.6 – Software-defined network

Software-defined networks can be transformed into code using Terraform. The configuration code written in Terraform can automatically set up and modify settings by interfacing with the control layer. This allows the configuration to be versioned and changes to be automated. As an example, Azure Virtual Network is one of the most commonly used SDN implementations and can be configured by Terraform.

Resource schedulers

In large-scale infrastructures, the static assignment of applications to machines is very challenging. In terms of Terraform, there are many schedulers available, such as Borg, Mesos, YARN, and Kubernetes, that can be used to overcome this problem. These can be used to dynamically schedule Docker containers, Hadoop, Spark, and many other software tools:

Figure 1.7 – Kubernetes with Terraform

Terraform is not just limited to cloud providers such as Azure, GCP, and AWS. Resource schedulers can also