Have you ever been frustrated that you misconfigured some part of your cloud infrastructure and ended up troubleshooting for hours because of a simple fat-fingered mistake? It has happened to me more than I would like to admit, and I got tired of it. So, I set out to learn the best way to automate the creation of Cloud infrastructure, which in my case, is not limited to one Cloud provider, but all Cloud providers.
At first, I was mainly looking at creating ARM (Azure Resource Manager) templates because I thought Chef, Ansible, and Terraform would be more complicated. I quickly found that building and maintaining ARM templates was a nightmare and hard to manage. Also, these templates were specific to Azure, so when I went to automate another cloud provider’s infrastructure, I had to learn how to use an entirely new service, like AWS’s offering, CloudFormation. That led me to a question: what if we have a client that wants to use Google Cloud? I would then have to learn how to use that system as well. I’m sure you can see where this is going. The ARM template approach wasn’t going to cut it.
I regrouped and really dug into the details, differences, and benefits of the other more complex tools to see if they could handle my infrastructure automation in a more rational way.
I needed something that would have the extensibility to work with all cloud providers, could easily be interpreted, adopted, and configured by co-workers that don’t necessarily have the time to learn a whole new tool. And most of all, I wanted the infrastructure to live on, and be married with, the code repository forever and ever.
After looking at sample code, and watching intro tutorials for each of the IaC offerings, I decided that Terraform was my guy. So, I bought a $12, 40-hour Udemy course. Finished the course and felt real dangerous. The concepts were dead simple and all the demos I had done up to that point made it seem almost effortless to go about templating out any and every service we use in Azure.
Digging into Terraform
Terraform is an IaC tool for managing and provisioning infrastructure using machine-readable definition files. It has gained traction over the past few years because the way it works is unique. Unlike the competition, with Terraform you lay out all the pieces you want and Terraform determines what depends on what. For example, at the very least, an Azure web application consists of a resource group, web app, app insights, and a database. In the case of creating that infrastructure, Terraform would determine that the resource group should be created first because it’s a required input for the other resources we are creating. The same goes for destroying that infrastructure. Terraform knows without your guidance that the resource group should be the last thing destroyed.
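The configuration below is an added example, not code from the original post. It covers the resource group, Application Insights and web app from the paragraph above, with no explicit ordering anywhere: every reference such as `azurerm_resource_group.app.name` is what tells Terraform which resource must exist first. All names, the region and the SKU are assumed placeholders.

```hcl
# Added example: names, region and SKU are assumed placeholders.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# No references to other resources, so this is created first and destroyed last.
resource "azurerm_resource_group" "app" {
  name     = "rg-example-app"
  location = "eastus"
}

resource "azurerm_application_insights" "app" {
  name                = "appi-example-app"
  resource_group_name = azurerm_resource_group.app.name # reference = dependency edge
  location            = azurerm_resource_group.app.location
  application_type    = "web"
}

resource "azurerm_service_plan" "app" {
  name                = "asp-example-app"
  resource_group_name = azurerm_resource_group.app.name
  location            = azurerm_resource_group.app.location
  os_type             = "Linux"
  sku_name            = "B1"
}

# Depends on the plan and on Application Insights, and through them on the group.
resource "azurerm_linux_web_app" "app" {
  name                = "app-example-placeholder" # must be globally unique in Azure
  resource_group_name = azurerm_resource_group.app.name
  location            = azurerm_resource_group.app.location
  service_plan_id     = azurerm_service_plan.app.id
  https_only          = true # refuse plain-HTTP requests to the app
  site_config {}
  app_settings = {
    APPLICATIONINSIGHTS_CONNECTION_STRING = azurerm_application_insights.app.connection_string
  }
}
```

Running `terraform graph` in the directory holding this file prints the dependency edges Terraform inferred from those references.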
Now that I had a handle on the basics of Terraform, I set out to automate some of our more popular infrastructure setups (i.e. API web apps, SQL Servers and databases, Azure Firewalls, VMs with defined VNets, etc.).
Once I got things just how I wanted, I started converting all the individual pieces into re-usable modules.
Now when starting a new project, I look at my shelf of Terraform examples and modules to create infrastructure better, faster, and more efficiently than ever before. I’ve still got a long way to go, but I like where I’m headed.
The benefits of adopting any form of IaC are endless. Things that were difficult to get configured, or the little things that get missed, are showing up less and less frequently, and the quality of my infrastructure keeps improving. Because of the re-usability of this new approach, I have a lot more time to spend on learning the next thing. It used to take me a whole day to configure new environments correctly. Now I can do it in minutes.
Terraform at its core is very simple to understand. The documentation for providers is tremendous and incredibly consistent. Like many things in life, Terraform is very easy to pick up, but hard to master quickly. It can be tricky getting pipelines to work properly with remote storage in a consistent way and it can be tough to master the proper way to move changes from one environment to the next, but with Terraform a ton of the hurdles are one-time things.
At this point, I believe Terraform, or just using IaC in general, is a fundamental requirement for all organizations. I feel like one of those Kubernetes people now. “I don’t care how small or short-lived your project is, you have to use it!”
- Andy Heninger, DevOps Engineer, AWH
Terraform by HashiCorp, www.terraform.io/.