Terraform is a tool for Infrastructure as Code (IaC) made by HashiCorp, which helps in making process of creating and managing cloud resources more simple, including AWS infrastructure. When using Terraform configurations, you can automate and keep versions of your infrastructure. Here is a list of some tips and things to watch out for when using Terraform to make AWS resources
- Utilize Terraform Workspaces for Keeping Environments Separate
When making AWS infrastructure for different environments (for example, development, staging, and production), it is very important to keep separation and not have conflicts. Terraform workspaces give an easy way to manage multiple environments with same configuration files:
- Make new workspace for each environment, keeping their states separate.
- Use variables and backend configurations specific to workspace to customize resource settings for each environment.
- Manage State Files with Security and Collaboration
Terraform’s state files store current state of your infrastructure and are very important for tracking changes. Making sure security and integrity of state files is very important, especially when working in a team:
- Use remote backends like Amazon S3 to store state files with security and allow team to work together.
- Enable state file versioning and use AWS KMS for encryption to make security better.
- Use Terraform locking mechanisms, like DynamoDB for the S3 backend, to stop concurrent modifications and not damage state files.
- Organize Your Terraform Code with Use of Modules
When your Terraform configurations become big, it is important to organize your code for reusability, being easy to maintain, and having consistency. Modules are effective way for this:
- Create reusable modules for common infrastructure parts, like VPCs, subnets, and security groups.
- Use version control and central repository for managing your modules.
- Plan with Care and Use Lifecycle Rules for Stopping Accidental Resource Deletion
Terraform’s ability to manage resources can also have risk of deleting important infrastructure by mistake. To not have unintended results, follow these practices:
- Always run
terraform applyto see changes that will be made to your infrastructure.
lifecycleconfiguration block with
prevent_destroyattribute set to
truefor important resources, making sure Terraform doesn’t delete them by mistake.
- Take advantage of resource import function to bring existing infrastructure under Terraform management without accidental deletions.
- Keep Secrets Safe with AWS Secrets Manager and SSM Parameter Store
Handling secret data, like API keys and credentials, is important part of deploying AWS infrastructure. To keep secrets safe, use AWS Secrets Manager or SSM Parameter Store:
- Store secret data in AWS Secrets Manager or SSM Parameter Store, keeping them out of your Terraform configuration files.
- Use Terraform resources (
aws_ssm_parameter) or data sources (
aws_ssm_parameter) that are related to get and use these secrets in your configurations.
Use terraform!!, use cloudformation, use IaC tool!!!