Published on

Terraform is awesome

Authors
  • avatar
    Name
    Seb
    Twitter

Ansible, Chef etc: Configuration-as-Code for the server

In the early days, infrastructure teams used to set up servers, install software and roll out patches on a regular basis. Backups would be taken, to be able to restore a configuration in case of issues.

But what if one would need another instance of the same server, with the same configuration? Just plainly restoring a previous backup would not work, as some configuration (e.g. static IP address, as simple example) might be different between systems. How can we make sure the setup is the same? How can we reliably save and share the knowledge on how to set up a server correctly from scratch? How can we version our changes?

Systems like Ansible were be developed to create re-producible, version-able (server) configuration-as-code.

But after we have set up our server, how can we install and deploy our applications in a reliable fashion? How can we take care of conflicting application dependencies? How can we safely remove applications and their dependencies?

Docker: Configuration-as-Code for application build and setup

Later, the groundbreaking containerization technology (e.g. Docker) came through. Infrastructure teams could focus on providing container platforms (basically just server with Docker installed, but no application-specific installs) and application teams would provide their immutable container images for the infrastructure team to run. Brilliant!

But what if we go one step beyond the server?

In a cloud environment, besides servers, we have many things that can be setup, and configured: networks, databases, queues, firewalls, load balancers, whatever it is, it needs setup and configuration.

When doing such setup manually, we run into problems that we already saw with servers and applications: How can we make things reproduce-able? How can we version changes? How can we share the knowledge of how to set up our cloud?

Terraform: Configuration-as-Code for (cloud) Infrastructure

Meet Terraform, an infrastructure-as-code tool.

With Terraform, we can describe our (cloud) infrastructure as code and make therefore make our infrastructure reproduce-able, version-able etc.

E.g. we could set up an AWS S3 bucket with a code snippet like this:

resource "aws_s3_bucket" "sebtest" {
  bucket = "sebs-test-bucket"

  tags = {
    Name        = "My test bucket to showcase Terraform!"
    Environment = "Dev"
  }
}

We can now run a terraform apply from our command line to roll-out the changes to our AWS account. We do not even need to log in to AWS. Always good to not have to leave the terminal .. 🤠

We can now reproduce our S3 bucket and version all changes to it! Even better, Terraform supports many features we know from conventional programming like variables, functions and packages.

For example, we can use the ID of our S3 bucket above like this:

resource "aws_s3_bucket_lifecycle_configuration" "test-config" {
  bucket = aws_s3_bucket.sebtest.id

  rule {
    id = "rule-1"

    filter {
      prefix = "logs/"
    }

    # some s3 lifecycle rules
    # ...

    status = "Enabled"
  }
}

This enables us to build our entire intermingled cloud infrastructure with declarative code.

We can spawn (and de-commission) new instances of our entire environment, making it simple to e.g. support multiple development environments (prod, staging, dev, ...). We do not have to rely on remembering how to do things in the AWS console, and we don't have to be afraid to make changes because we can roll them back. We can even build CI/CD pipelines or create AWS IAM users.

There's many official and unofficial providers (Terraform packages) for all kind of cloud infrastructure, even for smaller players like DataDog, Splunk or even my beloved Keycloak!

With all those newly achieved powers, the future is bright: People are already building interesting tools around Terraform like support for infrastructure setup security scans via e.g. tfsec and cloud cost estimations via e.g. infracost...

Summary

By using Terraform, there's so many advantages, it is hard to list them all. Similar to docker, I find this to be an absolute game changer. We can focus on programming our infrastructure, as opposed to manually configuring.

Hot take: If your infrastructure team is not using Terraform (or at least something similar like AWS CloudFormation) yet, they are living in the past! 😇 Go try it if you haven't yet!