21 May, 2023
Terraform
Terraform is a web infrastructure orchestrator. We started using it at Unknown Worlds recently, and it seems like The Way of handling deployment of complex infrastructure.
Here are the basic components of the dev cycle:
- Infrastructure specification using HashiCorp Configuration Language
- API calls to the provider (AWS, GCP, Azure etc)
- Provisioning – managing the software and environment on provided infrastructure
- Saving the state of the infrastructure. This is what makes the “cycle” possible – you can iterate on your scripts, and Terraform will remember the previous state of the infrastructure in a state file
Documentation URL: https://developer.hashicorp.com/terraform
You can find Terraform CLI install instructions here: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
You might also want to install AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Here’s an example of an AWS-hosted infrastructure that could host a website, WordPress or something like it:
Terraform’s the tool to make it work quickly! Each element can be described in great detail, the dependencies and relations can be described in a clean way, and Terraform should be able to validate it all.
Basic commands:
- terraform init is used to initialize Terraform and download all dependencies
- terraform plan is used to verify the access credentials and validate steps
- terraform apply is used to apply the changes to the target environment
- terraform fmt . is used to format code
- terraform destroy can be used to easily delete non-production environments. Production environments should be protected against this! See https://developer.hashicorp.com/terraform/cli/commands/destroy
Here are some random notes:
- A good practice is to use .env files to store credentials. Don’t forget about .gitignore.
- https://registry.terraform.io/ contains the providers repository
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
- Best place to store the state file would be a remote storage – an S3 bucket for example.
- SOPS enables sensitive data to be safely represented in repositories. See https://github.com/mozilla/sops and https://registry.terraform.io/providers/carlpett/sops/latest/docs
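The notes above on protecting production from terraform destroy and on keeping the state file in an S3 bucket can be combined in one configuration. This is an added example, not code from the original post: the bucket name, state key and region are placeholders, and it assumes AWS provider version 4 or later. State files can contain secrets in plaintext, so the bucket is encrypted, versioned and closed to public access.

```hcl
# Added example. Bucket name, key and region are placeholders (assumptions).
terraform {
  # Remote state. The bucket must exist before `terraform init` can use it:
  # apply the resources below with local state first, then add this block
  # and run `terraform init -migrate-state`.
  backend "s3" {
    bucket  = "example-terraform-state"
    key     = "website/terraform.tfstate"
    region  = "eu-west-1"
    encrypt = true # server-side encryption for the state object
  }
}

provider "aws" {
  region = "eu-west-1"
}

# Any plan that would delete this bucket, including `terraform destroy`, fails.
resource "aws_s3_bucket" "state" {
  bucket = "example-terraform-state"

  lifecycle {
    prevent_destroy = true
  }
}

# Keep old state versions so a bad apply or a corrupted state can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

The same lifecycle block can be added to any production resource that must survive an accidental destroy; removing the protection then requires an explicit, reviewable code change.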