
Introduction to Terraform

19.12.22
Alari Varmann
Knowit Solutions Finland
Agenda
- What is Terraform
- Why Terraform : strengths and drawbacks
- Language specific details:
- State, lock file and backend configuration
- Block types: Data, resource, module
- Input and Output variables; variable precedence
- Deployment paradigms
- Workspace VS Environment (folder-based) approach
- Execution provisioners

- Comparison to alternatives
- Tool examples: Terraformer, Pluralith
- Demo: With ChatGPT; Basics; Homie-related; CI-CD
- Code analyses
About me
On next slide
Originally from Estonia (Tallinn), living in Finland
Know Poland thanks to their ski jumping team (Kamil Stoch & co)
Background Math & related, AI & data science
Designed multiple AI architectures on the cloud (AWS, Azure)
Certified in Cloud (AWS & Terraform)
AWS Machine Learning Specialty
AWS Solutions Architect
Terraform Associate
Install Terraform now
Then you can check out the following:

https://github.com/alarivarmann/terraform_demo_presentation

https://github.com/ExamProCo/Terraform-Associate-Labs
Why Use?
- Number 1 IaC tool in the world
- Cloud provider agnostic
- Has cloud and enterprise tiers
- Open-source (free) with a strong community
- Collaborations with top cloud providers (on provider-level)
- Reproducibility, testability, automation
- Reduced development cost
- Supports multi-cloud deployments
- Reduced development and provisioning time

- Integrates with other tools (e.g. CDK, CDKTF)


What is Terraform : tool & language

Currently #1 Infrastructure-as-Code provisioning language with features
- Immutable infrastructure (idempotent)
- Declarative
- Based on HCL (HashiCorp Configuration Language)
- Optionally JSON

NOT a Configuration Management Tool.

Let’s look at the graphics on the next slide to understand better.


Overview
Goal in Simplified Terms
Infrastructure creation in controlled and tested fashion
Terraform Language
Statefile
Terraform must store state about your managed
infrastructure and configuration.
This state is used by Terraform to map real world
resources to your configuration, keep track of
metadata, and to improve performance for large
infrastructures.
This state is stored by default in a local file named
“terraform.tfstate”, but it can also be stored remotely,
which works better in a team environment.
Statefile in Practice
Lockfile (state locking)
State locking is a best practice when multiple people collaborate in the same workspace (default behaviour)
Prevents simultaneous overwriting of the state
In AWS: use DynamoDB locking
If there are any issues, you can force-unlock using the Lock ID.
Can also run without a lock (OK if you’re working alone)
Backend
- Defines where Terraform stores the state
- By default, the "local" backend stores state as a local file on disk.
- Accessing state in a remote service generally requires some kind of access
credentials, since state data contains extremely sensitive information.
Available Backends
Note that AWS, Azure and GCP are not backends, but
providers!

AWS —> S3 (Simple Storage Service)

Azure → Azurerm (Azure Resource Manager)

GCP → GCS (Google Cloud Storage)
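
The state locking and backend slides above, put together as an added example (not taken from the presentation or its demo repository): an S3 backend with encryption and DynamoDB locking, plus the one-time bootstrap resources it relies on. The bucket, table, key and region values are placeholders, and the two parts are assumed to live in separate configurations.

```hcl
# --- Part 1: bootstrap configuration (applied once, keeps its own local state) ---
resource "aws_s3_bucket" "tfstate" {
  bucket = "example-org-tfstate" # placeholder bucket name
}

resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled" # keeps earlier state versions for recovery
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_dynamodb_table" "tf_locks" {
  name         = "example-tf-locks" # placeholder table name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID" # attribute name the S3 backend expects

  attribute {
    name = "LockID"
    type = "S"
  }
}

# --- Part 2: every other configuration points its backend at them ---
terraform {
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "network/dev/terraform.tfstate" # one key per stack/environment
    region         = "eu-north-1"                    # placeholder region
    encrypt        = true                            # encrypt the state object at rest
    dynamodb_table = "example-tf-locks"              # enables state locking
  }
}
```

After adding or changing the backend block, `terraform init` has to be re-run, which is where the -migrate-state or -reconfigure flags come in.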


Providers
1-1 mapping or abstraction to a certain API.

So it can give you a 1-1 way of interacting with, say, anything via the AWS API (~can access
anything CloudFormation can), the Kubernetes API, any Azure API or any other
API from an available provider listed on
https://registry.terraform.io/browse/providers
Providers usually need authentication
Another option can be to pass the keys directly, but this is less secure

A better option is to use a credentials file (can require unset) or Vault
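
The two authentication options above side by side, as an added example (not from the presentation): static keys in the provider block versus a named profile from the shared credentials file. The region, profile name, file path and key placeholders are assumptions.

```hcl
# Less secure: static keys in the configuration.
# They end up in version control and in every copy of the code.
#
# provider "aws" {
#   region     = "eu-north-1"
#   access_key = "<ACCESS_KEY_ID>"     # placeholder, never commit real keys
#   secret_key = "<SECRET_ACCESS_KEY>" # placeholder
# }

# Better: no secrets in the code, only a reference to a named profile
# in the shared credentials file on the machine running Terraform.
provider "aws" {
  region                   = "eu-north-1"           # placeholder region
  profile                  = "terraform-dev"        # hypothetical profile name
  shared_credentials_files = ["~/.aws/credentials"] # default location, shown explicitly
}

# Note on "can require unset": the AWS provider reads the environment
# variables AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY before the shared
# credentials file, so stale values in the shell override the profile
# until they are unset.
```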


Provider : Example
Practical part : Core Commands
Workflow : Terraform Workflow : Write, Plan, Apply

In practice: Init -> Plan -> apply ->? Destroy


Resource - Central Concept in Terraform
Data Source VS Resource VS Data Type
Getting Started: `terraform init`

Can require -migrate-state or -reconfigure flag usage


Getting Started: `terraform plan`
Terraform plan == dry run
Getting Started: `terraform apply`
Terraform performs the actual
deployment of the infrastructure
Getting Started : `terraform destroy`
Resource Meta-Arguments
Referencing Objects in Terraform
Variables: Input and Output Variables
When you see mention of variables, usually in Terraform they mean input
variables.
Variable == Input Variable
Both the main program and modules (“sub-program”) can have output variables

Evaluation Priority
Local variables (locals)
Output == output variable
Both the main program and modules (“sub-program”) can have output variables

module.<MODULE_NAME>.<OUTPUT_VARIABLE_NAME>
Why Use Modules?
Think about this for a second….

Experience with modules from other programming languages?


Effect of Using a Module in Terraform
DEPLOYMENT
1) Simple Deployment : Separation of Envs with Variables Only
2) Deployment: Using Terraform Workspaces
Terraform Workspace
3) Deployment : Isolate Every Env in Separate Directory
This option replicates the same structure in different folders

- Dev
- Uat / stage
- Prod

Option 1 is a special case of option 3 where the environments are very similar to
each other – no need to create separate folders.

—> De facto options 2 and 3 are the main deployment patterns.


Comparison of Deployment Options
Reference
Some Alternatives
Agnostic tools: Pulumi
Cloud-specific tools (AWS):
CDK (best support for TypeScript). Leverages CloudFormation under the hood
CloudFormation - wouldn’t recommend as the first option (not so intelligent)
Terraform has the strongest community and is most widely adopted
https://www.pulumi.com/docs/intro/vs/terraform/
Both Terraform and Pulumi are good choices for cloud-native IaC.
Pulumi & CDK enable development in the same language as application
Workflow Demo, combining with Pluralith Extension
“Golden egg” – IaC Deployed using CI-CD
Can Terraform run “Imperative” Code?
If yes, then how?
Ways how Terraform can run “imperative” code
CDKTF - can incorporate CDK code with Terraform state
Execution provisioners - local and remote
Can use “null” resource

Even if your specific use-case is not described in the following sections, we still recommend attempting to
solve it using other techniques first, and use provisioners only if there is no other option – in a last resort.
Provisioner Example - what does this code do?
Demos
Find the associated codes here:

https://github.com/alarivarmann/terraform_demo_presentation

https://github.com/ExamProCo/Terraform-Associate-Labs
How to Migrate to Terraform? Import and Terraformer
Quiz. Q1: Passing variables between modules

1) Add an output that references the subnet module and retrieve the value using
module.subnet.subnet_id in the load balancer module
2) References to resources in a module cannot be used within other modules
3) Move the subnet and load balancer resource into the main configuration file so they
can be easily referenced
4) Publish the module to a Terraform registry first
Q1 Answer
Q2 :
What does the `terraform init` command do?
Q2 Answer
Q3 : What does it mean if a resource has ~ in front of it during
running `terraform plan`?
Q3 Answer
Reference & Learning Resources
- Website: https://www.terraform.io/
- Terraform registry: https://registry.terraform.io/?product_intent=terraform
- Online courses
