Mastering Terraform E-Book

Mastering Terraform

A practical guide to building and deploying infrastructure on AWS, Azure, and GCP

Mark Tinderholt

Mastering Terraform

Copyright © 2024 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Surbhi Suman

Book Project Manager: Ashwin Kharwa

Senior Editor: Runcil Rebello

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Proofreader: Runcil Rebello

Indexer: Subalakshmi Govindhan

Production Designer: Joshua Misquitta

DevRel Marketing Coordinator: Rohan Dobhal

First published: July 2024

Production reference: 1120724

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul’s Square

Birmingham

B3 1RB, UK

ISBN 978-1-83508-601-8

www.packtpub.com

To my Mom and Dad, thank you for investing in a family PC, recognizing my talent, believing in me, and giving me a gentle push in the right direction.

Foreword

Cloud computing has transformed the way applications are built and delivered. In the early days of the public cloud, the services available were generally low-level infrastructure. Today, the hyperscalers provide a broad range of services, including specialized data stores, application middleware, and many compute platforms for virtual machines, containers, and functions. Applications can be quickly built by composing together services. Scaling with demand becomes totally elastic without complex capacity planning.

While building applications is easier, our infrastructure is now more complex than ever. Infrastructure as Code is broadly adopted to manage the complexity of cloud infrastructure by allowing users to simply codify the resources required to support their application. HashiCorp Terraform is the de facto standard for Infrastructure as Code, driven by an extensible ecosystem that supports thousands of integrations spanning public cloud providers, Software as a Service (SaaS), hardware systems, and more.

This new book on Terraform provides a pragmatic, hands-on approach covering real-world scenarios. The author, Mark Tinderholt, deeply understands cloud environments as a principal architect at Microsoft Azure. For readers new to Terraform, the book provides a foundational overview to understand Terraform, the HashiCorp Configuration Language (HCL), and how to use the extensible providers. From there, the author covers the key concepts needed for cloud-based applications and patterns such as GitOps and CI/CD.

Going from the basic concepts, the author then dives into real-world examples of using Terraform to manage virtual machines, containers, and functions across AWS, Azure, and GCP. This takes the core concepts and applies them, to enable you to quickly do the same. This hands-on approach enables you to better understand how to apply Terraform outside of simple examples.

The book ends by providing guidance on best practices in production environments, how to adopt Terraform for existing infrastructure using the import mechanisms, and finally, how to continue learning through Terraform certifications. There are multiple levels of Terraform certifications, with tens of thousands of people certified. The certifications are useful both to test your knowledge and competence with Terraform and to share with prospective employers.

This book is a great resource for anybody hoping to learn more about Infrastructure as Code with HashiCorp Terraform and quickly get an understanding of how to use it to build applications in the major cloud providers. The author brings a depth of understanding as a senior engineer with a first-hand understanding of how cloud providers are built, having spent years working with Terraform.

Armon Dadgar

Co-Founder and CTO of HashiCorp

Contributors

About the author

Mark Tinderholt has over two decades of experience as a software developer and architect. With a solid foundation in application development and a pioneering role in cloud technology adoption, he has led diverse teams across numerous industry verticals on multiple cloud platforms. As an expert in cloud technology, Mark embraced Terraform early on to empower his development teams with greater control over their application environments. He organizes his local HashiCorp User Group (HUG) and is a HashiCorp ambassador. He also hosts a popular YouTube channel called Azure Terraformer.

I want to thank all those who have helped support and shape me as a person and professional—my parents, teachers, mentors, colleagues, and my loving family.

About the reviewers

Maksim Muravev is a talented DevOps engineer with over 10 years of experience. He is currently enhancing game technology at Wargaming in Cyprus. His expertise spans AWS, Terraform, Kubernetes, and continuous integration/continuous deployment (CI/CD) systems. Maksim’s contributions to the professional community include founding Hackathon Raptors, winning DevOps-related hackathons, and sharing his knowledge through blogs and workshops. His work has been recognized in technical and academic circles, underscoring his commitment to bridging practical applications with theoretical insights.

In this journey of bytes and dreams, I extend my deepest gratitude to the communities and individuals who’ve been the lighthouses in the vast ocean of technology. Your wisdom and camaraderie have been my compass. Thank you to my family, whose patience and love have been the bedrock of my persistence. This book is a testament to the collective spirit of innovation and support that fuels our industry.

Nikolay Malykhin started to work as a system administrator at university and, after finishing his master’s degree in computer networking, continued to work as a control system and equipment engineer more than 10 years ago.

All these years, he has not only been a husband, father of two boys, and friend but has grown up as an engineer.

Today, he works as a software engineer in the delivery division at Ness, one of Israel’s largest and most prominent information technology and digital service providers.

I want to thank my friends and Packt Publishing for giving me this amazing opportunity to review this book and help create something for engineering and IT, which I like so much.

I would also like to thank my wife – without her support, it wouldn’t have been possible to find time for this book between family and work.

Table of Contents

Preface

Part 1: Foundations of Terraform

1

Understanding Terraform Architecture

Understanding Terraform architecture

The plan

Configuration language

Modularity

Understanding Terraform state

State file

Partial resource management

Understanding how to build and consume modules

Module design

Consuming modules

Understanding how to use the CLI effectively

init

validate

workspace

plan

apply

destroy

Summary

2

Using HashiCorp Configuration Language

Resources and data sources

Resources

Data sources

Locals and types

Locals

Primitive types

Collection types

Complex objects

Inputs and outputs

Inputs

Outputs

Meta-arguments

Provider

Depends on

Lifecycle

Loops and iterations

For each

For expressions

Expressions

Conditional expressions

Splat expressions

Dynamic blocks

Functions

Numeric functions

String functions

Collection functions

Encoding functions

Filesystem functions

Date/time functions

Hash/crypto functions

IP network functions

Type conversion functions

Summary

3

Harnessing HashiCorp Utility Providers

Working with reality

Randomizing

Working with time

Adaptation and integration

Accessing external resources

When you want to make something from nothing

Making HTTP requests

Filesystem

Reading and writing local files

Templating files and directories

Generating file archives

Operating system and networking

Generating certificates and SSH keys

Generating CloudInit configuration

Configuring DNS records

Summary

Part 2: Concepts of Cloud Architecture and Automation

4

Foundations of Cloud Architecture – Virtual Machines and Infrastructure-as-a-Services

Understanding the key concepts of networking

Networking

Subnets

Routing

Network security

Network peering

Service endpoints

VPN and Direct Connect

Understanding the key concepts of compute

Disks

Network Interface Cards (NICs)

Linux versus Windows

Auto-scaling

Understanding the role of virtual machine images

Static virtual machines

Using configuration manager

Custom virtual machine images

Build versus bake

Summary

5

Beyond VMs – Core Concepts of Containers and Kubernetes

Understanding key concepts of container architecture

Containers

Leveraging Docker to build container images

Writing a Dockerfile

Building a Docker image

Running Docker images

Working with container registries

Docker Hub

Understanding key concepts of container orchestration and Kubernetes

Kubernetes architecture

Configuration and secrets

Continuous deployment (CD)

Understanding Kubernetes manifests

Kubernetes manifests

Configuration and secrets

Using the Kubernetes provider to provision Kubernetes resources

The Kubernetes Terraform provider

Kubernetes resources

Evaluating the trade-offs

Leveraging the Helm provider to provision Kubernetes resources

What is Helm?

The Helm Terraform provider

Summary

6

Connecting It All Together – GitFlow, GitOps, and CI/CD

Understanding key concepts of GitOps

Understanding CI/CD

Anatomy of pipeline

Leveraging GitHub for source control management

Gitflow

GitHub flow

Using GitHub Actions for CI/CD pipelines

Virtual machine workloads

Container workloads

Serverless workloads

Terraform tools

Summary

Part 3: Building Solutions on AWS

7

Getting Started on AWS – Building Solutions with AWS EC2

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Packer

Terraform

Automating the deployment

Packer

Terraform

Summary

8

Containerize with AWS – Building Solutions with AWS EKS

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Docker

Terraform

Kubernetes

Automating the deployment

Docker

Terraform

Kubernetes

Summary

9

Go Serverless with AWS – Building Solutions with AWS Lambda

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Terraform

Application code

Automating the deployment

Terraform

Deployment

Summary

Part 4: Building Solutions on Azure

10

Getting Started on Azure – Building Solutions with Azure Virtual Machines

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Packer

Terraform

Automating the deployment

Packer

Terraform

Summary

11

Containerize on Azure – Building Solutions with Azure Kubernetes Service

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Docker

Infrastructure

Kubernetes

Automating the deployment

Docker

Terraform

Kubernetes

Summary

12

Go Serverless on Azure – Building Solutions with Azure Functions

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Terraform

Application code

Automating the deployment

Terraform

Deployment

Summary

Part 5: Building Solutions on Google Cloud

13

Getting Started on Google Cloud – Building Solutions with GCE

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Packer

Terraform

Automating the deployment

Packer

Terraform

Summary

14

Containerize on Google Cloud – Building Solutions with GKE

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Docker

Infrastructure

Kubernetes

Automating the deployment

Docker

Terraform

Kubernetes

Summary

15

Go Serverless on Google Cloud – Building Solutions with Google Cloud Functions

Laying the foundation

Designing the solution

Cloud architecture

Deployment architecture

Building the solution

Terraform

Application code

Automating the deployment

Terraform

Deployment

Summary

Part 6: Day 2 Operations and Beyond

16

Already Provisioned? Strategies for Importing Existing Environments

Importing individual resources

The import command

Import block

Importing multiple resources

Identifying resources to import

AWS

Azure

Google Cloud Platform

Importing existing environments

Terraformer

The Azure Export Tool

Limitations

Best practices

Blast radius

Sometimes moving slowly is moving fast

Blue/green deployment

Summary

17

Managing Production Environments with Terraform

Operating models

State management

Standalone application

Shared infrastructure

Shared services

Applying changes

Patching

Upgrading providers

Upgrading modules

Refactoring

Planning for failure

Breakfixing

Apply-time failures

Removing from state

Importing into state

Summary

18

Looking Ahead – Certification, Emerging Trends, and Next Steps

Preparing for the exam

Scope and topics

Preparation

Terraform Cloud

Features

What’s next?

CDK

Terraform Stacks

Summary

Closing statement

Index

Other Books You May Enjoy

Part 1: Foundations of Terraform

Before we begin our journey, we need to establish the conceptual model, architecture, and capabilities that define Terraform and how it can be harnessed to develop and maintain your cloud architectures.

This part has the following chapters: