Terraform from Hashicorp is a tool that just should be hanging off the belt of anyone who touches the “Ops” side of DevOps. It's right there alongside Git, Ansible, Docker and Kubernetes.
We look at some of the great reasons to use Terraform - and when you probably shouldn’t.
26-06-2023
What is Terraform?
Good question. Terraform by Hashicorp is an open-source Iinfrastructure as Code (IaC) tool that allows you to define, manage, and provision your cloud infrastructure in a declarative way. It is a powerful tool that can help you automate your infrastructure and make it more scalable, reliable, and efficient. This means that you can check-in the thing that provisions your infrastructure just like you can check-in your application code. Versions, rollbacks, canary releases, redeployments are your all at your fingertips.
Why you might want to bother!
There is a ramp up to learning any new tool, so it is definitely worth considering if you really want to expend the effort before you get going. Here are some reasons not to:
- You never provision any cloud resources … ever.
Maybe all your resources are on-prem. Maybe you really have a system that was deployed once and you will never need to touch again (including, of course, your well documented, automated and tested disaster recovery plan). If this is not you, there is probably a place for Terraform in your life.
- You are all in with a single cloud provider and always will be
You started on AWS, you understand AWS, the sirens calling you from the forbidding rocks of Azure don’t tempt you at all. If this is you, then your best course of action is probably CloudFormation everywhere. All the major providers have their own IaC tools and these can actually be pretty good. Go ahead – embrace the vendor lockin, buy the t-shirts and turn your back on Terraform.
Actually, even in this case you might still want to keep Terraform around – there are some things that Terraform just does so much better. For example, if you want to provision 100 identical Amazon EC2 instances that are not in an AutoScaling group, then there just isn’t a simple way to do this in the AWS CloudFormation tool. It can be done, but it is nasty.
In Terraform it is done with a single line: count=100.
- You already have crafted all the bespoke scripts you want
Yup, using nothing more than the Cloud Providers’ CLIs and bash you have created your very own set of scripts to automate provision. You remain unmoved by the stream of updates and new features that these same providers pass on to the Terraform distribution. You are certain that your latest script will work right first time and not bring the virtual heavens crashing down on your business when you do an update. You are not concerned that your provisioning happens linearly and doesn’t take advantage of multiple parallel threads to implement your changes as efficiently as possible.
- You are committed to another IaC tool
There is a fair amount of tongue in cheek in the above reasons. This one might carry a bit more weight. The fact is there are lots of tools that do similar, IaC-type things, each with their own strengths and weaknesses. If you have been working with Puppet or Chef or Pulumi and that is doing everything you need, then you may want to avoid muddying the waters. Alternatively you could have a little fling with Terraform to see if you can cover your needs better using multiple tools!
Why you might want to bother!
If you’re still here you probably want a bit more info on the positives of Terraform. Here are a few reasons why Terraform could be the right solution for your situation.
- Multi-cloud and hybrid support
Terraform supports various cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and more. This multi-cloud capability allows organizations to avoid vendor lock-in and take advantage of the best services each cloud provider offers. You can even provision a Kubernetes cluster with worker nodes in different cloud platforms!
- Modular architecture
You can break down your infrastructure as code into reusable modules. This offers several benefits:
Reusability: Standard modules for different projects and regions. This saves time, reduces the risk of errors and can also enable you to enforce company wide platform requirements.
Abstraction: High-level modules encapsulating common patterns and best practices can abstract away the underlying complexity of the infrastructure.
Separation of concerns: You can separate your infrastructure code into different modules based on different concerns, such as networking, security, and application deployment.
- Infrastructure provisioning efficiency
Terraform automatically determines the necessary dependencies, parallelizes resource creation, and optimizes the provisioning process for a particular deployment. This efficiency results in faster infrastructure deployment, reducing manual errors and saving valuable time and resources. On top of that you can use the plan step to know exactly what changes are going to take place before you press the button. With Terraform Enterprise there’s even more – the plan step will give an approximate cost for your configuration deployment or modification. No nasty surprises in your cloud resources bill!
- Community and ecosystem
Terraform benefits from a vibrant and active community that contributes modules, plugins, and best practices. This vast ecosystem allows organizations to leverage pre-built modules, reducing the effort required to define complex infrastructure setups. The community-driven nature of Terraform fosters knowledge sharing and continuous improvement, ensuring that users have access to a wealth of resources and support.
There you have it
There is a load more to Terraform, but we hope this short post has given you a flavour for what it offers.
To help raise awareness of challenges and vulnerabilities and ways to reduce risk, we've got a bumper crop of cyber security blog articles. We've also got a robust range of hands-on training courses covering security for non-technical staff and IT professionals
We use cookies on our website to provide you with the best user experience. If you're happy with this please continue to use the site as normal. For more information please see our Privacy Policy.