An Introduction to Terraform: Cloud-Agnostic Infrastructure Provisioning
November 3, 2020
As enterprises continue to embrace the public cloud for their infrastructure needs and invest in innovation, they face a new set of challenges in infrastructure provisioning:
- How do you evolve your infrastructure in a safe, agile and cost-effective manner?
- If you are considering a multi-cloud strategy, how do you overcome the cognitive overload involved in learning and maintaining cloud-specific tools, whether CloudFormation for AWS, Cloud Deployment Manager for GCP or Azure Resource Manager for Azure?
- How do you avoid vendor lock-in?
Terraform addresses all of the above challenges.
What is Terraform?
Terraform is an open source, infrastructure-as-code (IaC) tool created by HashiCorp and released in 2014. It is cloud-agnostic – meaning it lets us deploy and manage infrastructure across a variety of public cloud providers such as AWS, Azure and GCP, as well as private cloud and virtualization platforms such as OpenStack and VMware.
The code is written in a declarative programming language called HCL (HashiCorp Configuration Language), or optionally JSON. The advantage of declarative programming is that we only need to specify the desired end state and let Terraform figure out the various intermediate steps required to produce the desired result.
Benefits of IaC
Maintaining infrastructure at scale is extremely challenging. By expressing infrastructure as code, we can:
- Automate and manage infrastructure, enabling enterprises to react in an agile manner to changing demands
- Build identical resources and environments across different regions
- Build security requirements as part of the infrastructure
- Reduce human access and intervention, minimizing errors and enabling compliance
And by using a version control system, we get the added benefits of persistence, documentation and collaboration.
Comparison with Other Tools
There are different tools in the infrastructure management and provisioning space, including:
- Configuration management tools – these tools are primarily designed to install and manage software on existing servers, e.g., Ansible, Chef and Puppet.
- Server templating tools – these tools create an image of a server, i.e., a snapshot of an operating system with all its required dependencies, e.g., Docker and Vagrant. This image can then be deployed on your servers using an IaC tool.
- Server provisioning tools – these tools are responsible for creating servers and, more broadly, any aspect of infrastructure such as databases, caches and load balancers, e.g., Terraform, CloudFormation and Cloud Deployment Manager.
Now, you might be asking: “If Terraform serves the same purpose as CloudFormation or Cloud Deployment Manager, why use Terraform?” Well, the answer is that the other tools are vendor-specific, i.e., they only have features specific to their respective cloud providers. For customers looking towards a multi-cloud strategy, it may be a far more pragmatic option to invest in a cloud-agnostic tool such as Terraform that enables them to write configurations for any of the major cloud providers.
The Building Blocks of Terraform Code
Below is an example of a minimal Terraform configuration that creates an AWS EC2 ‘t2.micro’ instance in the ‘us-west-2’ region:
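The listing itself is missing from this copy of the post. The configuration below is an added reconstruction built only from the values the surrounding text names (region, profile, resource type, local name, AMI and instance type); it is not the author's original file.

```hcl
# Added example reconstructed from the description on this page.

# Provider block: explicit configuration for the AWS provider.
provider "aws" {
  profile = "default"   # named profile from the local AWS credentials file
  region  = "us-west-2" # region in which the infrastructure is created
}

# Resource block: resource type "aws_instance", local name "example".
resource "aws_instance" "example" {
  ami           = "ami-830c94e3" # AMI IDs are region-specific
  instance_type = "t2.micro"
}
```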
In Terraform, providers are responsible for managing the lifecycle of a resource, i.e., create, read, update, delete. In the above example, the provider is ‘aws’. Where explicit configuration is required, a ‘provider’ block is used. In this example, the ‘provider “aws”’ block specifies that we want to create the infrastructure in the us-west-2 region using the ‘default’ profile.
Resources are the most important element in a Terraform configuration. Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances or higher-level components such as DNS records. In this example, the resource block declares a resource of a given type (‘aws_instance’) with a given local name (‘example’). The configuration for the resource specifies that we want to create an instance of type ‘t2.micro’ using the Amazon Machine Image (ami) ‘ami-830c94e3’.
Following are some of the frequently used Terraform commands:
terraform init – This is the first command that should be run after writing a new Terraform configuration:
- The terraform init command is used to initialize a working directory by loading the required plugins using both direct and indirect references to providers
- It is safe to run this command multiple times – it will not delete your existing configuration
terraform plan – creates an execution plan. It is a convenient way to check whether the actions you will be taking match your expectations, without making any changes to real resources or to the state.
terraform apply – applies the changes required to reach the desired state of the configuration.
When you apply your configuration, Terraform writes data into a file called terraform.tfstate.
- This file contains the IDs and properties of the resources that Terraform created so that it can manage or destroy those resources going forward
- You must save your state file securely and distribute it only to trusted team members who need to manage your infrastructure
terraform destroy – destroys the Terraform-managed infrastructure.
Following are some of the steps a user might execute as part of a typical Terraform workflow:
- Create the .tf configuration file
- Run ‘terraform init’ to initialize the working directory
- Run ‘terraform plan’ to validate the changes
- Run ‘terraform apply’ to apply the changes and create the required infrastructure
- When the created infrastructure has served its intended purpose, the user may optionally decommission the infrastructure by running the ‘terraform destroy’ command
The Groupware team has the knowledge and deep expertise to help you throughout your cloud journey. Stay tuned for the next blog in this series on Terraform Cloud.
Ganesh Shankaran is a Cloud Solutions Engineer at Groupware.