How Terraform infrastructure as code works
What is Terraform and Infrastructure as Code?
Terraform is an open source tool built by HashiCorp to automate the provisioning of infrastructure resources. It is used to build, manage, update and delete infrastructure resources like virtual machines, containers, networking and others, following the infrastructure-as-code philosophy. Terraform is a vendor-agnostic tool and can manage infrastructure for multiple resource providers (for example AWS, Google Cloud, Azure, Aviatrix, Heroku, Oracle, etc.).
In simple terms, if you want to provision a Virtual Private Cloud or an EC2 instance in AWS, you can write a Terraform configuration to automate this process rather than doing it manually from the AWS console.
What is Infrastructure as Code?
Infrastructure as code means writing code to provision, manage and deploy IT infrastructure.
Not too long ago, development and operations used to be two separate processes and worked in silos. While development teams were focused on developing the application, operations teams were tasked with provisioning the hardware and managing the deployment processes for those applications. Most of the work that operations teams did was manual like installing physical servers, connecting cables, installing the applications and related dependencies on servers. As organizations started growing, this posed a big challenge because the growth was choked by the manual processes handled by the operations team which could not scale as fast as the application development processes.
As Cloud became more popular and companies started moving their infrastructure to cloud, it gave them the opportunity to manage their operations more efficiently by investing time in writing code. This gave rise to a more popular philosophy called DevOps which aims at delivering software efficiently, by allowing you to manage everything in code.
Benefits of Infrastructure as Code
- Modular development – It allows us to treat our infrastructure as a piece of software which can be written once and used multiple times. This makes life much easier, because we can reuse code that has already been written
- Software Development Methodologies – Take advantage of proven practices like version control, modular development, testing etc. in the infrastructure world
- Problem Resolution – Debug and ascertain the root cause of the problem easily: as we are maintaining infrastructure as code, we can take advantage of versioning systems, so anyone trying to debug an issue or a problem with infrastructure can look through the history of changes made and trace the problem
- Agility – Makes the entire application development and deployment process more agile by ensuring less dependence on manual work thereby reducing errors
Infrastructure as code involves various kinds of tools: ad-hoc scripts to automate manual tasks, configuration management tools such as Chef, Puppet, Ansible etc., infrastructure templating tools such as Docker, Vagrant, etc. and infrastructure provisioning tools like Terraform. The choice of one type of tool over another, or of a combination of tool types, depends on the specific use case, which is out of the scope of this article. For the scope of this article, I am assuming that you have already made a choice to go ahead with Terraform.
Terraform Configuration File
To build and deploy the infrastructure using Terraform, a Terraform configuration file needs to be created. It is a simple text file with the “.tf” extension where you specify the infrastructure resource(s) you want to build. The .tf format is more human readable, supports comments and is the recommended format for Terraform configuration files. (Terraform also supports JSON format but it is less commonly used.)
Terraform configuration is strictly declarative. This means that when you write code, you specify the desired end state, and terraform will take the steps to achieve that end state. That end state is specified in the configuration file primarily as providers and resources.
Infrastructure providers (for example AWS, Google Cloud, Azure, Heroku, Aviatrix etc.) are called “Providers” in Terraform. A provider is responsible for managing resources and handling API interactions for the pieces of infrastructure that it manages. In a Terraform configuration file, a provider is initialized with the “provider” keyword.
A resource is a piece of infrastructure or service that a provider wants to expose and that can be provisioned. For example, a VPC is a resource in the AWS provider. In a Terraform configuration file, a resource is initialized with the “resource” keyword.
A basic Terraform configuration file can be written as (see the full specification here):
    provider "provider_name" {
      parameter1 = "parameter value1"
      parameter2 = "parameter value2"
    }

    resource "resource_type" "resource_name" {
      parameter1 = "parameter value1"
      parameter2 = "parameter value2"
    }
- provider keyword: It is the keyword used to initialize a Provider like AWS, Google Cloud etc.
- provider_name: Name of the desired provider. For example, the provider name for AWS is “aws”.
- resource keyword: Keyword used to establish a resource block.
- resource_type: The resource type. For example, aws_instance is a resource within aws provider to create an EC2 instance.
- resource_name: The name of the resource. This will be used to reference this resource in the configuration file.
- parameters: Parameters are the end states that you want to define and can be either optional or mandatory.
Basic Terraform commands
Terraform configuration files are executed using the “terraform” binary. The terraform command accepts various subcommands that operate on the configuration file(s) in the current directory. Here are the most commonly used subcommands:
- terraform init – Initializes a new or existing terraform configuration
- terraform plan – Generates and shows an execution plan
- terraform apply – Builds or changes the infrastructure
- terraform show – Inspects or shows the current state
Terraform records the state of your infrastructure in a state file. This allows you to make incremental changes in the future by simply changing the same configuration file to match your desired end state.
Using what we have learned, let’s build a simple configuration file that provisions a single Virtual Private Cloud (VPC) in AWS.
Step 0: Prerequisites
Install Terraform and a text editor of your choice.
Step 1: Open Configuration File
Create an empty text file called main.tf in an empty folder.
Step 2: Initialize the aws Provider
Add the following code to configure the AWS provider:
    provider "aws" {
      access_key = "Your AWS Access Key"
      secret_key = "Your AWS Secret Key"
      region     = "us-east-1"
    }
The above code snippet authenticates the user with AWS IAM account credentials. It also sets provider options such as “region”, which tells AWS to build the necessary resources in the “us-east-1” region. It is important to configure the provider before using it to build resources.
Step 3: Define an aws_vpc Resource
Once the provider is configured, add the code that will define an “aws_vpc” resource. We will refer to this resource as “vpc_name”, but you can call it whatever you like. Inside the resource block, specify values for parameters like cidr_block and instance_tenancy. You can find a complete list of parameters available for every resource in its documentation.
Step 4: Execute Terraform Configuration file
> terraform init
> terraform plan
> terraform apply
In our example, Terraform will do the following:
- init will install any providers that are not yet installed and initialize this new configuration
- plan will show you what changes will be applied in the next step
- apply will use your existing credentials to authenticate you with AWS as the user and create the VPC resource.
Step 5: Update
Change the configuration file to add a “count” parameter in the resource block:
Save the file and apply it again:
> terraform apply
Now, you will see 1 additional VPC with the 192.168.0.0/16 CIDR block created.
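Steps 2 through 5 assembled into one main.tf, as an added example that is not the article's own code. It keeps the Step 2 provider block as a commented-out weak form and replaces it with one that takes credentials from the environment, so no keys sit in a file that the version-control workflow described earlier would commit; the count value, the instance_tenancy value, the tags and the output block are assumptions.

```hcl
# main.tf (added example; values marked "assumed" are not from the article)

# Weak: static keys in the provider block travel with every copy of main.tf,
# including its version-control history.
#
# provider "aws" {
#   access_key = "Your AWS Access Key"
#   secret_key = "Your AWS Secret Key"
#   region     = "us-east-1"
# }

# Corrected: no keys in the file. The AWS provider picks up
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment,
# or a profile from the shared credentials file.
provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "vpc_name" {
  count            = 2                # assumed: Step 5 reports one VPC more than Step 4
  cidr_block       = "192.168.0.0/16" # CIDR block named in Step 5
  instance_tenancy = "default"        # assumed value

  tags = {
    Name = "vpc_name-${count.index}"  # assumed tag, tells the two VPCs apart
  }
}

# Assumed addition: print the IDs of the VPCs that apply created.
output "vpc_ids" {
  value = aws_vpc.vpc_name[*].id
}
```

Export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the shell before running the Step 4 commands. The state file records the attributes of every resource Terraform manages, so keep it out of the repository as well.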
Of course, we have just looked at the very basics of Terraform in this article and there is much more to Terraform (like Data Sources, Interpolation, Overrides, Modules etc.), but let us keep it for another day. However, with the information given in this article, you can start writing your own basic configuration files fairly easily and provide any type of infrastructure that you want to in a few minutes.