Terraform in Action

Book description

Use Terraform to programmatically create, test, and manage infrastructure using the efficient infrastructure-as-code approach.

In Terraform in Action you will learn:

  • Cloud architecture with Terraform
  • Terraform module sharing and the private module registry
  • Terraform security in a multitenant environment
  • Strategies for performing blue/green deployments
  • Refactoring for code maintenance and reusability
  • Running Terraform at scale
  • Creating your own Terraform provider
  • Using Terraform as a continuous development/continuous delivery platform

Terraform in Action introduces the infrastructure-as-code (IaC) model that lets you instantaneously create new components and respond efficiently to changes in demand. You’ll use the Terraform automation tool to design and manage servers that can be provisioned, shared, changed, tested, and deployed with a single command.

About the Technology
Provision, deploy, scale, and clone your entire stack to the cloud at the touch of a button. In Terraform, you create a collection of simple declarative scripts that define and manage application infrastructure. This powerful infrastructure-as-code approach automates key tasks like versioning and testing for everything from low-level networking to cloud services.

About the Book
Terraform in Action shows you how to automate and scale infrastructure programmatically using the Terraform toolkit. Using practical, relevant examples, you’ll use Terraform to provision a Kubernetes cluster, deploy a multiplayer game, and configure other hands-on projects. As you progress to advanced techniques like zero-downtime deployments, you’ll discover how to think in Terraform rather than just copying and pasting scripts.

What's Inside
  • Cloud architecture with Terraform
  • Terraform module sharing and the private module registry
  • Terraform security in a multitenant environment
  • Strategies for performing blue/green deployments


About the Reader
For readers experienced with a major cloud platform such as AWS. Examples in JavaScript and Golang.

About the Author
Scott Winkler is a DevOps engineer and a distinguished Terraform expert. He has spoken multiple times at HashiTalks and HashiConf, and was selected as a HashiCorp Ambassador and Core Contributor in 2020.

Quotes
An outstanding source of knowledge for Terraform enthusiasts of all levels.
- Anton Babenko, Betajob

A must for anyone who wants to understand Terraform.
- Jürgen Hötzel, Lisperati

Takes you by the hand and explains how to use Terraform easily and correctly. A pleasure to read.
- Andrea Granata, Luminor Bank

A great introduction to Terraform with real-world examples.
- Matt Welke, GroupBy

Terraform brilliantly explained.
- Enrico Mazzarella, Techedge

Table of contents

  1. Terraform in Action
  2. Copyright
  3. dedication
  4. contents
  5. front matter
    1. foreword
    2. preface
    3. acknowledgments
    4. about this book
      1. Who should read this book
      2. How this book is organized: A roadmap
      3. About the code
      4. liveBook discussion forum
    5. about the author
    6. about the cover illustration
  6. Part 1 Terraform bootcamp
  7. 1 Getting started with Terraform
    1. 1.1 What makes Terraform so great?
      1. 1.1.1 Provisioning tool
      2. 1.1.2 Easy to use
      3. 1.1.3 Free and open source software
      4. 1.1.4 Declarative programming
      5. 1.1.5 Cloud-agnostic
      6. 1.1.6 Richly expressive and highly extensible
    2. 1.2 “Hello Terraform!”
      1. 1.2.1 Writing the Terraform configuration
      2. 1.2.2 Configuring the AWS provider
      3. 1.2.3 Initializing Terraform
      4. 1.2.4 Deploying the EC2 instance
      5. 1.2.5 Destroying the EC2 instance
    3. 1.3 Brave new “Hello Terraform!”
      1. 1.3.1 Modifying the Terraform configuration
      2. 1.3.2 Applying changes
      3. 1.3.3 Destroying the infrastructure
    4. 1.4 Fireside chat
    5. Summary
  8. 2 Life cycle of a Terraform resource
    1. 2.1 Process overview
      1. 2.1.1 Life cycle function hooks
    2. 2.2 Declaring a local file resource
    3. 2.3 Initializing the workspace
    4. 2.4 Generating an execution plan
      1. 2.4.1 Inspecting the plan
    5. 2.5 Creating the local file resource
    6. 2.6 Performing No-Op
    7. 2.7 Updating the local file resource
      1. 2.7.1 Detecting configuration drift
      2. 2.7.2 Terraform refresh
    8. 2.8 Deleting the local file resource
    9. 2.9 Fireside chat
    10. Summary
  9. 3 Functional programming
    1. 3.1 Fun with Mad Libs
      1. 3.1.1 Input variables
      2. 3.1.2 Assigning values with a variable definition file
      3. 3.1.3 Validating variables
      4. 3.1.4 Shuffling lists
      5. 3.1.5 Functions
      6. 3.1.6 Output values
      7. 3.1.7 Templates
      8. 3.1.8 Printing output
    2. 3.2 Generating many Mad Libs stories
      1. 3.2.1 for expressions
      2. 3.2.2 Local values
      3. 3.2.3 Implicit dependencies
      4. 3.2.4 count parameter
      5. 3.2.5 Conditional expressions
      6. 3.2.6 More templates
      7. 3.2.7 Local file
      8. 3.2.8 Zipping files
      9. 3.2.9 Applying changes
    3. 3.3 Fireside chat
    4. Summary
  10. 4 Deploying a multi-tiered web application in AWS
    1. 4.1 Architecture
    2. 4.2 Terraform modules
      1. 4.2.1 Module syntax
      2. 4.2.2 What is the root module?
      3. 4.2.3 Standard module structure
    3. 4.3 Root module
      1. 4.3.1 Code
    4. 4.4 Networking module
    5. 4.5 Database module
      1. 4.5.1 Passing data from the networking module
      2. 4.5.2 Generating a random password
    6. 4.6 Autoscaling module
      1. 4.6.1 Trickling down data
      2. 4.6.2 Templating a cloudinit_config
    7. 4.7 Deploying the web application
    8. 4.8 Fireside chat
    9. Summary
  11. Part 2 Terraform in the wild
  12. 5 Serverless made easy
    1. 5.1 The “two-penny website”
    2. 5.2 Architecture and planning
      1. 5.2.1 Sorting by group and then by size
    3. 5.3 Writing the code
      1. 5.3.1 Resource group
      2. 5.3.2 Storage container
      3. 5.3.3 Storage blob
      4. 5.3.4 Function app
      5. 5.3.5 Final touches
    4. 5.4 Deploying to Azure
    5. 5.5 Combining Azure Resource Manager (ARM) with Terraform
      1. 5.5.1 Deploying unsupported resources
      2. 5.5.2 Migrating from legacy code
      3. 5.5.3 Generating configuration code
    6. 5.6 Fireside chat
    7. Summary
  13. 6 Terraform with friends
    1. 6.1 Standard and enhanced backends
    2. 6.2 Developing an S3 backend module
      1. 6.2.1 Architecture
      2. 6.2.2 Flat modules
      3. 6.2.3 Writing the code
    3. 6.3 Sharing modules
      1. 6.3.1 GitHub
      2. 6.3.2 Terraform Registry
    4. 6.4 Everyone gets an S3 backend
      1. 6.4.1 Deploying the S3 backend
      2. 6.4.2 Storing state in the S3 backend
    5. 6.5 Reusing configuration code with workspaces
      1. 6.5.1 Deploying multiple environments
      2. 6.5.2 Cleaning up
    6. 6.6 Introducing Terraform Cloud
    7. 6.7 Fireside chat
    8. Summary
  14. 7 CI/CD pipelines as code
    1. 7.1 A tale of two deployments
    2. 7.2 CI/CD for Docker containers on GCP
      1. 7.2.1 Designing the pipeline
      2. 7.2.2 Detailed engineering
    3. 7.3 Initial workspace setup
      1. 7.3.1 Organizing the directory structure
    4. 7.4 Dynamic configurations and provisioners
      1. 7.4.1 for_each vs. count
      2. 7.4.2 Executing scripts with provisioners
      3. 7.4.3 Null resource with a local-exec provisioner
      4. 7.4.4 Dealing with repeating configuration blocks
      5. 7.4.5 Dynamic blocks: Rare boys
    5. 7.5 Configuring a serverless container
    6. 7.6 Deploying static infrastructure
    7. 7.7 CI/CD of a Docker container
      1. 7.7.1 Kicking off the CI/CD pipeline
    8. 7.8 Fireside chat
    9. Summary
  15. 8 A multi-cloud MMORPG
    1. 8.1 Hybrid-cloud load balancing
      1. 8.1.1 Architectural overview
      2. 8.1.2 Code
      3. 8.1.3 Deploy
    2. 8.2 Deploying an MMORPG on a federated Nomad cluster
      1. 8.2.1 Cluster federation 101
      2. 8.2.2 Architecture
      3. 8.2.3 Stage 1: Static infrastructure
      4. 8.2.4 Stage 2: Dynamic infrastructure
      5. 8.2.5 Ready player one
    3. 8.3 Re-architecting the MMORPG to use managed services
      1. 8.3.1 Code
      2. 8.3.2 Ready player two
    4. 8.4 Fireside chat
    5. Summary
  16. Part 3 Mastering Terraform
  17. 9 Zero-downtime deployments
    1. 9.1 Lifecycle customizations
      1. 9.1.1 Zero-downtime deployments with create_before_destroy
      2. 9.1.2 Additional considerations
    2. 9.2 Blue/Green deployments
      1. 9.2.1 Architecture
      2. 9.2.2 Code
      3. 9.2.3 Deploy
      4. 9.2.4 Blue/Green cutover
      5. 9.2.5 Additional considerations
    3. 9.3 Configuration management
      1. 9.3.1 Combining Terraform with Ansible
      2. 9.3.2 Code
      3. 9.3.3 Infrastructure deployment
      4. 9.3.4 Application deployment
    4. 9.4 Fireside chat
    5. Summary
  18. 10 Testing and refactoring
    1. 10.1 Self-service infrastructure provisioning
      1. 10.1.1 Architecture
      2. 10.1.2 Code
      3. 10.1.3 Preliminary deployment
      4. 10.1.4 Tainting and rotating access keys
    2. 10.2 Refactoring Terraform configuration
      1. 10.2.1 Modularizing code
      2. 10.2.2 Module expansions
      3. 10.2.3 Replacing multi-line strings with local values
      4. 10.2.4 Looping through multiple module instances
      5. 10.2.5 New IAM module
    3. 10.3 Migrating Terraform state
      1. 10.3.1 State file structure
      2. 10.3.2 Moving resources
      3. 10.3.3 Redeploying
      4. 10.3.4 Importing resources
    4. 10.4 Testing infrastructure as code
      1. 10.4.1 Writing a basic Terraform test
      2. 10.4.2 Test fixtures
      3. 10.4.3 Running the test
    5. 10.5 Fireside chat
    6. Summary
  19. 11 Extending Terraform by writing a custom provider
    1. 11.1 Blueprints for a Terraform provider
      1. 11.1.1 Terraform provider basics
      2. 11.1.2 Petstore provider architecture
    2. 11.2 Writing the Petstore provider
      1. 11.2.1 Setting up the Go project
      2. 11.2.2 Configuring the provider schema
    3. 11.3 Creating a pet resource
      1. 11.3.1 Defining Create()
      2. 11.3.2 Defining Read()
      3. 11.3.3 Defining Update()
      4. 11.3.4 Defining Delete()
    4. 11.4 Writing acceptance tests
      1. 11.4.1 Testing the provider schema
      2. 11.4.2 Testing the pet resource
    5. 11.5 Build, test, deploy
      1. 11.5.1 Deploying the Petstore API
      2. 11.5.2 Testing and building the provider
      3. 11.5.3 Installing the provider
      4. 11.5.4 Pets as code
    6. 11.6 Fireside chat
    7. Summary
  20. 12 Automating Terraform
    1. 12.1 Poor person’s Terraform Enterprise
      1. 12.1.1 Reverse-engineering Terraform Enterprise
      2. 12.1.2 Design details
    2. 12.2 Beginning at the root
    3. 12.3 Developing a Terraform CI/CD pipeline
      1. 12.3.1 Declaring input variables
      2. 12.3.2 IAM roles and policies
      3. 12.3.3 Building the Plan and Apply stages
      4. 12.3.4 Configuring environment variables
      5. 12.3.5 Declaring the pipeline as code
      6. 12.3.6 Touching base
    4. 12.4 Deploying the Terraform CI/CD pipeline
      1. 12.4.1 Creating a source repository
      2. 12.4.2 Creating a least-privileged deployment policy
      3. 12.4.3 Configuring Terraform variables
      4. 12.4.4 Deploying to AWS
      5. 12.4.5 Connecting to GitHub
    5. 12.5 Deploying “Hello World!” with the pipeline
      1. 12.5.1 Queuing a destroy run
    6. 12.6 Fireside chat
      1. 12.6.1 FAQ
    7. Summary
  21. 13 Security and secrets management
    1. 13.1 Securing Terraform state
      1. 13.1.1 Removing unnecessary secrets from Terraform state
      2. 13.1.2 Least-privileged access control
      3. 13.1.3 Encryption at rest
    2. 13.2 Securing logs
      1. 13.2.1 What sensitive information?
      2. 13.2.2 Dangers of local-exec provisioners
      3. 13.2.3 Dangers of external data sources
      4. 13.2.4 Dangers of the HTTP provider
      5. 13.2.5 Restricting access to logs
    3. 13.3 Managing static secrets
      1. 13.3.1 Environment variables
      2. 13.3.2 Terraform variables
      3. 13.3.3 Redirecting sensitive Terraform variables
    4. 13.4 Using dynamic secrets
      1. 13.4.1 HashiCorp Vault
      2. 13.4.2 AWS Secrets Manager
    5. 13.5 Sentinel and policy as code
      1. 13.5.1 Writing a basic Sentinel policy
      2. 13.5.2 Blocking local-exec provisioners
    6. 13.6 Final words
    7. Summary
  22. appendix A Authenticating to AWS
    1. A.1 Creating an AWS account
    2. A.2 Creating an IAM user
    3. A.3 Installing the AWS CLI (optional)
    4. A.4 Configuring the credentials file
    5. A.5 Configuring the AWS provider in Terraform
  23. appendix B Authenticating to Azure
    1. B.1 Creating an Azure account
    2. B.2 Installing the Azure CLI
    3. B.3 Obtaining credentials via the CLI
    4. B.4 Configuring Azure CLI authentication in Terraform
  24. appendix C Authenticating to GCP
    1. C.1 Creating a GCP account
    2. C.2 Creating a new project
    3. C.3 Installing the Google Cloud SDK
    4. C.4 Authenticating with the Google Cloud SDK
    5. C.5 Configuring the GCP provider in Terraform
  25. appendix D Creating custom resources with the Shell provider
    1. D.1 Installing the provider
    2. D.2 Using the provider
    3. D.3 Final thoughts
  26. appendix E Creating a Petstore data source
    1. E.1 Registering the data source
    2. E.2 Creating the data source
    3. E.3 Writing acceptance tests
      1. E.3.1 Running acceptance tests
    4. E.4 Using the data source
  27. index

Product information

  • Title: Terraform in Action
  • Author(s): Scott Winkler
  • Release date: July 2021
  • Publisher(s): Manning Publications
  • ISBN: 9781617296895