Slides for my "Terraform modules and best-practices" talk at meetups during September 2018.
Some links from the slides:
https://www.terraform-best-practices.com/
https://cloudcraft.co/
https://github.com/terraform-aws-modules/
https://github.com/antonbabenko/modules.tf-lambda
3. Anton Babenko
Terraform AWS fanatic
Organise {HashiCorp, AWS, DevOps} User Groups in Norway
DevOpsDays Oslo (29-30th October 2018)
I 💚 open-source — github.com/antonbabenko
• terraform-community-modules + terraform-aws-modules
• antonbabenko/terrapin — Terraform modules generator
• antonbabenko/pre-commit-terraform — make your configurations nicer
• antonbabenko/modules.tf-lambda — from visual diagram to Terraform
• antonbabenko/terraform-best-practices
twitter.com/antonbabenko linkedin.com/in/antonbabenko medium.com/@anton.babenko
4. October 22-24, 2018 | San Francisco
Use the code HUG-COM20TK1 for 20% off
your General Admission ticket
5. Application Delivery with HashiCorp
https://www.hashicorp.com/resources/application-delivery-hashicorp
Write
Test
Package
Provision
Deploy
Connect
Secure
11. Why Terraform and not AWS CloudFormation,
Azure ARM, Google Cloud Deployment Manager?
• Terraform manages 100+ providers, has easier syntax (HCL), has native
support for modules and remote states, has teamwork related features, is an
open-source project.
• Provides a high-level abstraction of infrastructure (IaC)
• Allows for composition and combination
• Supports parallel management of resources (graph, fast)
• Separates planning from execution (dry-run)
12. Terraform’s Goals
• Unify the view of resources using infrastructure as code
• Support the modern data center (IaaS, PaaS, SaaS)
• Expose a way for individuals and teams to safely and predictably change
infrastructure
• Provide a workflow that is technology agnostic
• Manage anything with an API
13. Terraform is a universal tool to manage
anything that has an API
• GSuite resources
• Dropbox user files
• New Relic alerts
• Datadog users, monitors
• Jira issues
• See All Terraform providers
14. What are the tools/solutions out there?
• Terraform Registry (https://registry.terraform.io/) — collection of public Terraform
modules for common infrastructure configurations for any provider.
• Terraform linter to detect errors that cannot be detected by `terraform plan` —
https://github.com/wata727/tflint
• Terraform version manager — https://github.com/kamatama41/tfenv
• A web dashboard to inspect Terraform States — https://github.com/camptocamp/terraboard
• Jsonnet — The data templating language — http://jsonnet.org
15. Atlantis — Start working on Terraform as a team
A unified workflow for collaborating on Terraform through GitHub, GitLab and Bitbucket
https://www.runatlantis.io
16. Terragrunt
Thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules
https://github.com/gruntwork-io/terragrunt/
No logo found
Check issue #570
for details
17. How to handle secrets in Terraform?
• Can you accept secrets to be saved in state file in plaintext? Probably not.
• AWS IAM password & secret access keys — use PGP, such as keybase.io
• AWS RDS — set dummy password and change after DB is created
• AWS RDS — use iam_database_authentication_enabled = true
• EC2 instance user-data + AWS KMS
• EC2 instance user-data + AWS Systems Manager Parameter Store
• AWS Secrets Manager
• https://github.com/opencredo/terrahelp
• Other options:
• Secure remote state location (S3 bucket policy, KMS key)
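Three of the options above in one configuration, as an added example that is not from the original slides: an encrypted S3 remote state, a PGP-encrypted IAM access key, and an RDS instance with a dummy password plus IAM authentication. The bucket, KMS key ARN, keybase user, resource names and sizes are constructed placeholders; the syntax is Terraform 0.12+.

```hcl
# Added example. All names, ARNs and sizes below are placeholders.

# Secure remote state location: the state object is encrypted with a KMS key.
# Access to the bucket itself is restricted separately by its bucket policy.
terraform {
  backend "s3" {
    bucket     = "example-terraform-state"
    key        = "prod/terraform.tfstate"
    region     = "eu-west-1"
    encrypt    = true
    kms_key_id = "arn:aws:kms:eu-west-1:111111111111:key/EXAMPLE-KEY-ID"
  }
}

resource "aws_iam_user" "ci" {
  name = "ci-deployer"
}

# With pgp_key set, the secret is stored in state only in encrypted form
# (encrypted_secret); the holder of the private key decrypts it.
resource "aws_iam_access_key" "ci" {
  user    = aws_iam_user.ci.name
  pgp_key = "keybase:example_user"
}

output "ci_secret_encrypted" {
  value = aws_iam_access_key.ci.encrypted_secret
}

# Dummy password: this value does end up in state, so it is a throwaway that
# is changed outside Terraform once the database exists.
variable "bootstrap_db_password" {}

resource "aws_db_instance" "app" {
  identifier        = "app-db"
  engine            = "mysql"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = "dbadmin"
  password          = var.bootstrap_db_password

  # Applications authenticate with short-lived IAM tokens instead of a password.
  iam_database_authentication_enabled = true

  skip_final_snapshot = true
}
```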
20. Types of Terraform modules
Resource modules (e.g. terraform-aws-modules):
• Create resources (obviously)
• Few relations to other modules (usually)
• Very flexible
Infrastructure modules:
• Use specific version of resource modules
• Company-wide standards (eg, tags and names)
• May use code generators (jsonnet, cookiecutter, etc)
Compositions:
• Use specific version of infrastructure or resource modules
• Provide all the values for region, environment, module, etc
• Terragrunt is awesome
https://www.terraform-best-practices.com/key-concepts
22. Collection of Terraform AWS modules supported by the community (100+ contributors).
More than 1,5 million downloads since September 2017.
(VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…)
github.com/terraform-aws-modules
registry.terraform.io/modules/terraform-aws-modules
25. cloudcraft.co features
• Manage AWS components in browser (EC2 instances, autoscaling groups, RDS, etc)
• Connect components
• Import live AWS infrastructure
• Calculate the budget
• Share link to a blueprint
• Export as image
• Embed drawing in wiki, Confluence, etc
29. ✓ cloudcraft.co — design, plan and visualize
✓ terraform-aws-modules — building blocks of AWS infrastructure
✓ Terraform — infrastructure as code
30. modules.tf notes
✓ Deployed for beta users: https://cloudcraft.co/app?beta
✓ Generates potentially ready-to-use Terraform configurations
✓ Suits best for bootstrapping
✓ Enforces Terraform best practices
✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …)
✓ 100% free for all & open-source (https://github.com/antonbabenko/modules.tf-lambda )
✓ Want to sponsor, or a sticker? Contact me.
31. What’s next?
• Involve more people and use code-generators
(Terrapin, modules.tf)
• Terraform refactoring (Terrible)
• Dependency hell problem with modules
• Get acknowledgement and support from AWS
• Your ideas?
32. What is your Terraform question or
problem?
Hints: Testing? Versioning? Code structure? Working as a team? CI/CD?
Automation? Integration with other tools? modules.tf ? Terrible? Code
generation? Missing tools/features? Syntax sugar (features and types of
variables)? How to contribute?
33. So, how to get started with Terraform?
• https://www.terraform.io/intro/getting-started/install.html
• Follow instructions in README.md, check
examples, open issues and pull requests
• Maybe read a book ("Getting Started with
Terraform" or "Terraform Up & Running")
• Try hands-on arcade — https://play.instruqt.com/hashicorp/tracks/terraform-arcade