Tag: terraform

Terraform Cheat Sheet

Terraform cheat sheet

Basics

Terraform Cloud runs Terraform operations and stores state remotely, so you can use Terraform without worrying about the stability of your local machine, or the security of your state file.

Modules Overview

Using Terraform modules can help promote code reuse, reduce duplication of effort, and improve maintainability of infrastructure code.

Providers Overview

A Terraform provider is a plugin that enables Terraform to manage resources of a specific technology or service, such as cloud platforms, databases, or APIs, by exposing its resources and operations through a set of APIs.

State file overview

Terraform state is a persistent data store that tracks the current state of infrastructure resources provisioned by Terraform, allowing it to manage changes and track resource dependencies.

Authentication in Terraform Cloud

To authenticate Terraform Cloud with Azure or AWS you can create an Azure SPN or AWS IAM user with the relevant permissions and then define the credentials as variables in the Terraform Cloud environment.

Terraform Cloud Authentication

To authenticate Terraform Cloud with Azure or AWS you can create an SPM or IAM user in the cloud with the relevant permissions and then define the credentials as variables in the Terraform Cloud environment.

Outputs

When you use Terraform Cloud with module and configuration files, the outputs from the module are captured and made available as output variables in the Terraform Cloud workspace. These output variables can then be used in other Terraform configurations or modules.

Projects & Workspace

Projects are collections of related workspaces and, workspaces are logical environments that allow you to organize and manage your infrastructure code

Variables Sets

Variable sets allow Terraform Cloud users to reuse both Terraform-defined and environment variables not just from root to child modules, but across certain workspaces or an entire organization.

VCS structure & workspaces

Variable sets allow Terraform Cloud users to reuse both Terraform-defined and environment variables not just from root to child modules, but across certain workspaces or an entire organization.

Authentication

How authentication works in Terraform

How Terraform Authentication works with AWS

How authentication works in Terraform

AWS CLI credentials

Using the AWS CLI ~/.aws/credentials file.

How Terraform Authentication works with Azure

How authentication works in Terraform

Terraform Authentication using Azure SPN

To authenticate Terraform with Azure, you can use Azure Active Directory (Azure AD) to generate a service principal (SPN), and then use the workstation CLI to configure the necessary environment variables for Terraform to access and manage Azure resources.

Azure SPN from a workstation

To authenticate Terraform with Azure, you can use Azure Active Directory (Azure AD) to generate a service principal (SPN), and then use the workstation CLI to configure the necessary environment variables for Terraform to access and manage Azure resources.

Azure VNet Bastion

This pattern will demonstrate a simple VNet configuration with an Azure Bastion as the only way to access a Linux VM.

Checkov Security Scan

Checkov is a powerful tool for organizations that use IaC to provision their cloud infrastructure. By scanning configuration files for security misconfigurations, Checkov helps teams catch and fix potential issues before they become actual security incidents.

Terraform Conditionals

Terraform conditionals are expressions that allow you to dynamically set values based on the evaluation of specified conditions, enabling greater flexibility and adaptability in your infrastructure configuration.

Console

Terraform console is an interactive command-line tool used to evaluate expressions and interpolate variables in Terraform configurations.

Control Structure

Used to manage the flow of code execution and control how resources or modules are created and configured.

Create an Azure SPN for Terraform

An Azure Service Principal (SPN) is a security identity used by applications and services to access Azure resources.

Environment Variables

Setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables.

format

Stores small snippets of code or other types of data that can be easily referenced in the future

Functions

Terraform functions are built-in utilities that perform operations on data and metadata within the Terraform configuration files to enable dynamic and reusable configurations.

How Modules Work

Creating a Terraform module involves defining input variables, output values, and one or more resource definitions that can be reused in other Terraform configurations.

How to Use Terraform

A Terraform provider is a plugin that enables Terraform to manage resources of a specific technology or service, such as cloud platforms, databases, or APIs, by exposing its resources and operations through a set of APIs.

Module Inputs

Terraform module inputs are variables that allow users to customize and parameterize the behavior of a module.

How providers are installed and configured

Installing a provider in Terraform involves specifying the required providers and their versions in the Terraform configuration, and then running terraform init, which automatically downloads and installs the providers in your local environment.

State file isolation

Terraform state isolation ensures that each Terraform configuration maintains its own separate and independent state file to prevent interference or conflicts with other configurations.

Module Locals

Terraform module locals are variables that are used to simplify expressions or avoid repeating values within a module

State file location

Terraform state file locations can be configured to be stored locally on the machine running Terraform or remotely in a backend like Amazon S3, Terraform Cloud, or Azure Blob, enabling collaboration and sharing state across teams.

Terraform Loops

Terraform loops, implemented using count or for_each meta-arguments, allow the creation of multiple instances of a resource or module based on an integer count or items in a map or set, simplifying repetitive resource configurations.

Modules

Terraform modules are reusable configurations that can be called from other Terraform configurations.

Use multiple Accounts

Using multiple providers in Terraform involves specifying each required provider in your configuration file, each with its unique settings, allowing management of resources across different platforms or regions within the same configuration.

Use multiple providers

Using multiple providers in Terraform involves specifying each required provider in your configuration file, each with its unique settings, allowing management of resources across different platforms or regions within the same configuration.

Module Outputs

Terraform module outputs are values that a module can return to the calling code to expose information about the resources it created or modified.

Module Paths

Terraform module paths refer to the hierarchical structure used to organize and reference resources within a Terraform configuration, facilitating resource management and interdependencies in infrastructure as code deployments.

Terraform Preconditions & Postconditions

Terraform preconditions are mechanisms used to assert certain states or conditions before executing Terraform operations, thereby enforcing the desired state and ensuring the integrity of the infrastructure-as-code deployment.

Providers

A Terraform provider is a plugin that enables Terraform to manage resources of a specific technology or service, such as cloud platforms, databases, or APIs, by exposing its resources and operations through a set of APIs.

random_id

Stores small snippets of code or other types of data that can be easily referenced in the future

Terraform Secret Management

Terraform secret management involves securely storing and accessing sensitive information, such as API keys or passwords, within Terraform configurations and workflows.

Terraform Security

Terraform security involves implementing measures to protect the integrity, confidentiality, and availability of infrastructure-as-code deployments, including secure authentication, access controls, and vulnerability management.

Terraform State

Terraform state is a persistent data store that tracks the current state of infrastructure resources provisioned by Terraform, allowing it to manage changes and track resource dependencies.

State as a data source

Terraform remote state data source allows retrieving and using the current state of a Terraform-managed infrastructure from a remote backend as an input to other Terraform configurations.

Static credentials

Hard-coding credentials directly into the Terraform provider block.

State file storage

Terraform state file locations can be configured to be stored locally on the machine running Terraform or remotely in a backend like Amazon S3, Terraform Cloud, or Azure Blob, enabling collaboration and sharing state across teams.

templatefile

Stores small snippets of code or other types of data that can be easily referenced in the future

Terraform

Terraform is an open-source infrastructure-as-code tool that allows developers to define and manage infrastructure resources, such as virtual machines, storage, and networks, in a declarative way. It provides a consistent, repeatable way to create and update infrastructure, and supports a wide range of cloud providers and services.

Terraform Cloud

Terraform Cloud is a SaaS platform that provides collaboration, governance, and automation features for managing infrastructure as code with Terraform.

Terraform Docs

Automate creating README.md files for your Terraform code

Terratest

Terratest is an open-source Go library that provides patterns and helper functions for testing infrastructure, with first-class support for Terraform, Docker, Packer, and other infrastructure-as-code tools, facilitating the writing and execution of automated tests to ensure the correctness and robustness of the infrastructure.

Testing

Terraform testing involves validating the infrastructure-as-code templates and configurations to ensure the provisioning and management of cloud resources function correctly

Terraform Testing Types

Terraform testing types primarily include unit testing, integration testing, and end-to-end testing, used to validate individual components, the interactions between components, and the complete functionality of the Terraform code respectively.

TFLint

TFLint is a linter specifically designed for Terraform configurations.

Terraform Unit Tests

Unit tests in Terraform are used to validate the behavior of individual resources or modules, ensuring that they function as expected when given specific input, thereby contributing to the robustness and reliability of the infrastructure as code.

Terraform Validations

Terraform validations are a set of checks performed on a Terraform configuration to ensure its correctness and adherence to best practices before executing the infrastructure-as-code deployment.

Module Versioning

Terraform module versioning is a mechanism for managing changes and ensuring consistency of infrastructure deployments by assigning unique version numbers to modules.

A Workflow for Deploying IaC

Zero-Downtime Deployment

Terraform’s “create_before_destroy” approach ensures that when updating an existing resource, a new version is first created before the old one is destroyed to minimize downtime and data loss.