When it comes to managing infrastructure as code (IaC), Terraform stands out as one of the most powerful and flexible tools available today. It allows teams to define, provision, and manage cloud resources in a declarative manner, supporting a wide range of cloud providers like AWS, Azure, GCP, and others. In this blog, we’ll walk through the Terraform workflow, outlining its key phases and demonstrating how you can use it to manage your infrastructure efficiently.

What is Terraform?

Terraform is an open-source IaC tool that enables you to automate the provisioning of cloud resources through simple configuration files. It allows you to define what your infrastructure should look like and then makes sure your infrastructure matches that state.

Terraform Workflow

The Terraform workflow consists of four main stages:

1. Write
   In this phase, you define your infrastructure using configuration files, which are typically written in HCL (HashiCorp Configuration Language) or JSON. These files describe the desired state of your infrastructure. For example, creating an EC2 instance or setting up an S3 bucket.

   Example of a simple main.tf file:

   provider "aws" {
     region = "us-west-2"
   }
    
   resource "aws_instance" "example" {
     ami           = "ami-12345678"
     instance_type = "t2.micro"
   }

2. Plan
   Once the infrastructure is defined, you can generate an execution plan by running the terraform plan command. This command lets you see what changes Terraform will make to your infrastructure based on the current state and your configuration files.

   terraform plan

   This will display a summary of actions Terraform will perform, such as creating, updating, or destroying resources.

3. Apply
   After reviewing the plan, you can apply the changes using terraform apply. Terraform will provision or update the resources to match the desired state defined in your configuration files.

   terraform apply

   After confirmation, Terraform will create or modify the resources as described in the plan.

4. Destroy
   When you no longer need the resources, you can use the terraform destroy command to remove all the infrastructure defined by your configuration.

   terraform destroy

   This command is useful for tearing down resources and avoiding unnecessary cloud costs.

Key Concepts in Terraform

State

Terraform maintains a state file (terraform.tfstate) that tracks the current state of your infrastructure. It allows Terraform to understand what resources are currently in place so it can determine what changes need to be made. It’s critical to store this state securely, especially in production environments. Many teams use remote state backends, such as AWS S3 or Terraform Cloud, to store their state files safely.

Providers

Terraform works with multiple cloud providers through the use of providers. Providers are responsible for managing the lifecycle of resources. Examples include AWS, Azure, Google Cloud, Kubernetes, and many more. Each provider has its own set of resources and data sources that you can use in your configurations.

Modules

Modules are a way to organize and reuse configurations. Instead of writing the same configuration code repeatedly, you can create modules that encapsulate common infrastructure components (e.g., VPCs, IAM roles, databases). This promotes DRY (Don’t Repeat Yourself) principles and makes your infrastructure more manageable and reusable.

Example of calling a module:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.0.0"
 
  name = "example-vpc"
  cidr = "10.0.0.0/16"
}

Terraform CLI Commands

Some of the most frequently used Terraform CLI commands include:

• terraform init: Initializes a Terraform configuration and sets up any required providers or backends.
• terraform validate: Checks whether the configuration is valid.
• terraform fmt: Formats your configuration files.
• terraform plan: Previews the changes Terraform will make.
• terraform apply: Applies the planned changes to your infrastructure.
• terraform destroy: Destroys the infrastructure managed by Terraform.

Advanced Topics

Workspaces

Terraform workspaces allow you to manage different environments (like development, staging, and production) within the same configuration. By default, Terraform uses the default workspace, but you can create and switch between workspaces using:

terraform workspace new dev
terraform workspace select dev

Terraform Cloud & Remote State

When working in teams, storing state files remotely is essential for collaboration. Terraform Cloud provides a managed service for storing your state, running Terraform commands, and managing workspaces. Alternatively, you can use cloud storage like AWS S3 with DynamoDB for state locking to prevent conflicts.

Handling Secrets

When working with sensitive data, like API keys or database credentials, Terraform allows you to manage secrets using environment variables, encrypted state files, or third-party tools like Vault. Always avoid hardcoding secrets in your Terraform configurations.

Using terraform plan for Dry Runs

The terraform plan command is often referred to as a dry-run for Terraform. It doesn’t apply changes but instead shows you what would happen if you applied your configuration. This is useful for reviewing changes before making any modifications to your infrastructure.

To simulate a dry-run and preview changes:

terraform plan

By default, this previews any modifications to your infrastructure based on your Terraform configuration and the current state of resources.

By understanding the Terraform workflow and key concepts like state, providers, modules, and commands, you'll be well-equipped to manage and automate your cloud infrastructure efficiently. Whether you're deploying a single server or managing a multi-cloud environment, Terraform offers a consistent, declarative way to define and provision resources. Keep exploring advanced topics such as workspaces, remote state management, and handling secrets to further optimize your infrastructure-as-code practices.