5 things we love about Terraform

In honor of Valentine's day, I think a bit of a "love letter" to Terraform sounds appropriate. Terraform is far from perfect (what relationship is?), with all kinds of fun sharp edges to cut yourself on at the worst times. But all things considered, Terraform has been a revolution in managing infrastructure at scale. It's probably no surprise then that Terraform was our most-searched-for topic in 2021. In this post, I'll share five things we love about Terraform.

Accelerate your career in cloud

A Cloud Guru makes it easy (and awesome) to level up your cloud career — even if you're totally new to tech. Check out ACG’s current free courses or get started now with a free trial.

Of course, any Valentine's themed article wouldn't be complete without a throwback to the time-honored romantic advice column:

Dear Terry,

Long-time reader, first time writing in. I'm at my wits end and I don't know what to do. I'm in a love/hate relationship with my cloud infrastructure, and I think the love is fading. Don't get me wrong, cloud infrastructure is great; I can ask it to provision 100 instances, and it will do it without blinking. (Try asking that of your bare metal datacenter!)

The problem is, it's just out of control. My cloud infrastructure is an unkempt mess. I spend my whole day clicking through the UI to get a load balancer set up, I've got instances named for Lord of The Rings characters, and I'm pretty sure our intern just deleted our Prod VPC. Help!!!

– Manually Provisioned in Pittsburgh

Luckily there's hope MP, if you'll just read on. – Terry Form

Check out the top 10 Terraform commands and get a full rundown of all the basic commands you need to get the most out of this intuitive IaC tool in our Terraform cheat sheet.

One of Terraform's great features is that it uses declarative logic to accomplish its goals, rather than imperative. Although that sounds like a simple semantic distinction, the implications to user experience are huge, and it's a major selling point. 

What exactly does it mean to be "declarative?"

Declarative programming means that whoever is writing the code declares what they want the end-state of the program to be, and the compiler uses its own logic to determine the best path to achieve that state. The programmer doesn’t have to worry about implementation. 

Contrast that with imperative programming; in most common languages, like Python, the programmer needs to explicitly define the implementation and the logic needed to achieve the desired state.

In the context of Terraform, declaration is about resources like infrastructure components. 

Therein lies the appeal of Terraform. Users don't have to learn a new programming language with overly complex logic conventions. They can simply define the resources they'd like to see in their cloud infrastructure, and Terraform will automatically determine the correct order in which to apply the logic and deploy the resources. It also helps that HCL, the language the Terraform uses, is a very close approximation of JSON.

Read: CloudFormation, Terraform, or CDK? A guide to IaC on AWS
Get an overview of the IAC tools available in AWS, and how to choose between them.

It's the classic awkward story: two engineers make changes to the same pool of resources at the same time, nothing is fully or correctly applied, and hilarity ensues! Actually, more like a production outage and an uncomfortable conversation with the CTO. How can Terraform help avoid these "awkward encounters"?

First, it's helpful to understand how Terraform "knows" about your cloud infrastructure. 

It stores data about resources it manages in state, which at a basic level is just a single file containing a large JSON blob with metadata on every resource that Terraform manages. Typically, these files live locally on an engineer workstation. However, this really doesn't scale well when you have large deployments and several engineers needing to deploy and change the infrastructure. Enter remote state.

Terraform has the capability to integrate with a variety of backends, to provide remote state management. With a few lines of configuration, Terraform deployments can be set to utilize a shared state file. To prevent the aforementioned issue with collisions, remote state backends can also provide locking capabilities. If one engineer is deploying changes to a Terraform workspace, other engineers are prevented from making their own changes or plans until the original changes are completed.

Anyone that has built distributed systems and deployed modern application infrastructure has probably at least heard of The Twelve Factors. The Twelve Factors lay out a set of guiding principles for best practices around developing, deploying, and maintaining applications. Terraform offers features that can help engineering teams do a better job of adhering to these principles.

Check out Twelve-Factor Apps in Kubernetes to see how Kubernetes can help in implementing the application design standards of the Twelve-Factor App methodology.

This factor states: "One codebase tracked in revision control, many deploys." 

Utilizing Terraform means your infrastructure is defined in code, code that can be committed to and tracked via version control. Modern application architecture often does not decouple infrastructure and workloads; using code to define both is a requirement for any kind of scalability.

This factor states: "Store config in the environment." 

We'll cheat a little bit with this one by introducing some other tools. Terraform has the capability to read in environment variables by passing through a tfvars file. Using some templating logic and most any CI/CD system, you can write Terraform code once using modules, and pass in environment variables for different environments like QA, staging, and prod.

This factor states: "Keep development, staging, and production as similar as possible." 

A lot of the features that help with factor III overlap here. Keeping separate definitions for different environments is nearly always going to result in configuration drift, and maintaining homogeneity between these environments is absolutely critical for maintaining release velocity. Having application infrastructure defined in modules, with certain variables exposed for naming and scale variation allows for powerful automation that can help enforce needed parity.

There's a lot of discussion lately around being cloud agnostic, or having multi-cloud deployments. If an organization decides it wants to be in AWS and GCP at the same time, Terraform is an excellent tool for the job. 

However, if you look past the big cloud providers, there are a wealth of other services and tools that can enable nearly complete end-to-end automation of your infrastructure.

For instance, an organization could deploy the majority of its compute workload on AWS, deploy code repositories to Github, deploy monitoring via Datadog, and deploy incident management configuration via Pagerduty. For most engineering teams that constitutes a non-trivial majority of the cloud resources and services needed to run a very capable application stack, and now everything can be configured and managed in code.

Watch: Kubernetes + Azure, the HashiCorp way
Have you ever thought about creating a standardized way to deploy your applications and how to do so securely? Using the HashiCorp stack on Azure is an excellent place to start! Learn more in this free, on-demand webinar.

Terraform will be eight years old this year. What started life as an open-source project has achieved remarkable growth and community adoption in eight years. That kind of momentum has created a fantastic ecosystem of third-party tools and learning resources. New users to Terraform have a bevy of options for learning best practices around infrastructure as code.

Terraform's growth has enabled Hashicorp (creators of Terraform) to build an entire product line of modern tooling for distributed systems that have first class integration support with Terraform. Consul and Vault are some of the most capable tools available for service discovery and secrets management, respectively. Hashicorp has also launched Terraform Cloud, offering a batteries-included managed service option for Terraform deployment and support.

The third party ecosystem is equally robust. The Awesome Terraform maintains a list of books, tutorials, blog posts, tools, modules and more. New users have a wealth of material to learn from, and an active community they can engage with.

Terraform isn't perfect, but there's a lot to love. And like any relationship you've got to take the good with the bad. Hopefully this article has shown that it's hard to go wrong choosing Terraform as your IaC (Infrastructure-as-Code) tool.

I'm excited for what the future holds as well. To bring it around full circle, tools like the CDK and Pulumi bring IaC back to imperative logic, allowing developers to stay entirely within their programming language of choice, importing infrastructure logic as modules or libraries. This new paradigm potentially offers some very powerful abstractions, and could massively improve developer productivity.

Even so, I'll still probably be reaching for Terraform more often than not, and I hope it continues to grow and mature as a go-to for infrastructure management.

Looking to level up your Terraform and DevOps skills? Check out our Terraform training or the top DevOps skills and technologies (and how to learn them). You can also see what's free at ACG this month.

And keep up with all things cloud by following ACG on Twitter and Facebook, subscribing to A Cloud Guru on YouTube, or joining the cloudy conversation in our awesome Discord Community.

About the Author
Mike Vanbuskirk is a Lead DevOps engineer and technical content creator. He’s worked with some of the largest cloud, e-commerce, and CDN platforms in the world. His current focus is cloud-first architecture and serverless infrastructure.