Terraform Best Practices
Terraform is a powerful tool that allows you to manage many resources using infrastructure as code. When starting out with Terraform, there are many ways to get organized.
Your approach may depend on how your team works together. Here are some guidelines to follow when getting started.
If you're the type of person that likes to sit down and read a book before getting started, then this book is for you.
Terraform: Up & Running, 2nd Edition is a great kickstart for a new Terraform user.
This book covers many things like DevOps concepts in general and how to get started with Terraform. I even recommend this book for more advanced users as the book covers some really good in-depth topics.
Having this book by your side during your Terraform journey is a great resource.
There are many ways to organize your Terraform repository. At the end of the day, it's up to you. Terraform does not have an opinion.
Here is an example of a very simple way to organize your files:
. └── terraform ├── main.tf └── variables.tf 1 directory, 2 files
We only have two files in this example:
- main.tf: Terraform resources, data sources, state, etc.
- variables.tf: Variable definitions
This is a reasonable way to organize your first Terraform repository when you're first getting started. However, you'll quickly realize that this loose organization can become unwieldy.
A more advanced method of organization:
. └── terraform ├── components │ ├── backend │ │ ├── env │ │ │ ├── dev.tfvars │ │ │ └── production.tfvars │ │ └── main.tf │ └── frontend │ ├── env │ │ ├── dev.tfvars │ │ └── production.tfvars │ └── main.tf └── modules └── vpc ├── main.tf ├── outputs.tf ├── subnets.tf └── variables.tf 8 directories, 10 files
Separating your Terraform code out into multiple directories and multiple environment files sets you up for long-term success as you grow your repository.
By default, Terraform will store state on the local filesystem. This can be acceptable if you're working alone on a single Terraform repository but quickly becomes problematic as you want to collaborate on Terraform code with other members on your team.
Using a remote backend for Terraform state is recommended from the start. There are many remote backend stores that can be used across your organization.
Depending on what your infrastructure looks like and what cloud providers are available, you might choose one of many remote backends. A full list can be found here.
Using a CI/CD platform against your Terraform repository is a godsend. You can do many things like enforce approvals, ensure passed Terraform plans, validate new changes adhere to security policies, and much more. Terraform team collaboration without a CI/CD platform is next to impossible.
There are countless projects to help organize and maintain your Terraform repository. Some popular ones that Terrateam recommends are:
- tflint: A Pluggable Terraform Linter
- tfsec: A static analysis security scanner
- checkov: A static code analysis tool for infrastructure-as-code
Check out our previous blog post on Terraform Pre-Commit Hooks where we go into more detail.
With Terraform you can create a strong foundation to start building out infrastructure resources in a repeatable and collaborative way. It's up to the user to decide on the best way to organize Terraform code workflow. Create a solution that works best for you.
Sign up for Terrateam here!