Terraform — Best practices and project setup
Getting comfortable with terraform is a huge benefit when working with cloud providers. In a team, if members start to modify cloud resources (say, AWS resources) directly in the AWS console, it gets harder to track the changes, the reasons for them, and so on.
In this article, we will see:
- Terraform installation using Docker
- Commands cheat sheet for quick reference
- Terraform for_each to improve terraform scripts
- Advantages of using jsonencode function
- My view on terraform visualization tools
- Other terraform libraries that look promising
Terraform installation using Docker
Though terraform offers a native setup for macOS, Windows, etc., I like to use a docker based terraform client for the following reasons:
- On macOS, terraform depends on Xcode. Updating Xcode takes a lot of disk space and time.
- A docker based terraform client is lightweight, and switching to the latest version of terraform becomes much easier
- Docker based terraform client — hashicorp/terraform
- I like a docker-compose based local setup, since we can keep all environment params, arguments, the command to invoke, etc. in an easy-to-use form.
Terraform commands cheat sheet
Terraform workspaces
Workspaces are separate instances of state data that can be used from the same working directory. This is super useful when working with different environments like dev, qa, prod, etc. The tfstate files are maintained in separate spaces.
# Create a new workspace
docker-compose run --rm terraform workspace new dev

# Switch to a workspace
docker-compose run --rm terraform workspace select dev
for_each block
The for_each block is a powerful feature in terraform. By using it, we can remove redundancy from a terraform script and make it more readable and maintainable.
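resource "aws_secretsmanager_secret" "my_secrets" {
  # One secret is created per element of the set; each.key is the element.
  for_each    = toset(["app_1", "app_2"])
  # Secret name is "<environment>/<app>".
  name        = format("%s/%s", var.environment, each.key)
  description = "Secrets used by apps"
}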
The above resource will result in multiple secrets being created, one for each item in the list that we provided.
Usage and reference of resources created with for_each:
- for_each resources are internally a map type. We can address an instance by its key name, `map["key_1"]`, and get any attribute of that object
Use jsonencode instead of EOF
There are different ways to add json content to a terraform resource property. If we use EOF (heredoc) style strings, I find it hard to debug issues, since syntax errors and other problems don't show up during the `plan` phase. They only show up during the `apply` phase.
By using jsonencode, errors are caught during the `plan` phase.
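The two points above, addressing a `for_each` instance by key and building JSON with `jsonencode`, combined in an added example that is not from the original article: one read-only IAM policy per secret, with the heredoc form kept beside it for comparison. The policy resource names, the `environment` default and the output are assumptions.

```hcl
# Added example; names other than my_secrets are assumptions.
variable "environment" {
  type    = string
  default = "dev" # constructed sample value
}

resource "aws_secretsmanager_secret" "my_secrets" {
  for_each    = toset(["app_1", "app_2"])
  name        = format("%s/%s", var.environment, each.key)
  description = "Secrets used by apps"
}

# Heredoc form: the policy is an opaque string to terraform, so its parser
# does not check the JSON syntax (a stray comma or quote passes unnoticed).
resource "aws_iam_policy" "read_app_1_heredoc" {
  name   = "${var.environment}-read-app_1-heredoc"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "secretsmanager:GetSecretValue",
    "Resource": "${aws_secretsmanager_secret.my_secrets["app_1"].arn}"
  }]
}
EOF
}

# jsonencode form: the policy is an HCL object, parsed with the rest of the
# configuration. One read-only policy per secret, scoped to that secret's ARN.
resource "aws_iam_policy" "read_secret" {
  for_each = aws_secretsmanager_secret.my_secrets
  name     = "${var.environment}-read-${each.key}"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = each.value.arn
    }]
  })
}

# Address one for_each instance by its key and read an attribute.
output "app_1_secret_arn" {
  value = aws_secretsmanager_secret.my_secrets["app_1"].arn
}
```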
Visualize terraform
We have the following options. Before we begin, a few pointers:
- The docker-compose file shown above provides a few options. This should help to play around easily
- After playing around with a few of them, I am not very happy with the results on a big terraform project. It was hard to get useful information for my needs.
- For large terraform projects, the generated diagrams are too big to read clearly
- Normal terraform plan shows changes in a git diff like format, which is super useful. Most of the tools that I played with make viewing the changes more complex and the differences hard to find.
- However, I like the idea of visualizing terraform, and this space is rapidly evolving.
A few options are discussed below:
- rover — 1.6k GitHub stars
- terraboard — A web dashboard to inspect Terraform States.
- Inframap
- blast radius — Interactive visualizations of Terraform dependency graphs.
- modules.tf — Converts visual diagrams to infrastructure as code automatically.
Tools | Libraries
- geopoiesis — Specialized continuous integration and deployment tool for modern declarative infrastructure provisioning and management.
- terraforming — Export existing AWS resources to Terraform style (tf, tfstate).
- terraformer — CLI tool to generate terraform files from existing infrastructure.
- scenery — Terraform plan output prettifier.
- terrahub — TerraHub is a terraform automation and orchestration tool, seamlessly integrated into console.terrahub.io, an enterprise friendly GUI that shows realtime terraform executions and provides auditing and reporting capabilities for historical terraform runs.
- Visual Studio Code extension that is helpful when working with terraform — https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform