Skip to content
/ terraform-workshop Public

A little workshop to explain some problems and pitfalls when managing IaC with Terraform and managing Terraform too

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

carlosjgp/terraform-workshop

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

01_hello_world

01_hello_world

 
 

02_providers

02_providers

 
 

03_backend

03_backend

 
 

04_functions

04_functions

 
 

05_modules

05_modules

 
 

06_workspaces

06_workspaces

 
 

docs/img

docs/img

 
 

.gitignore

.gitignore

 
 

.pre-commit-config.yaml

.pre-commit-config.yaml

 
 

.tflint.hcl

.tflint.hcl

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

terraform-workshop

A little workshop to explain some problems and pitfalls when managing IaC with Terraform and managing Terraform too

Agenda

IaC (infrastructure as code)

terraform world (hello world)

Folder 01_hello_world

Contains a simple example of a terraform module/project.

terraform providers

Folder 02_providers

Demostrates how to use terraform providers chained

terraform backend

Folder 03_backend

Keep the state somewhere safe! And use locks if there are concurrent changes.

terraform functions

Folder 04_functions

terraform modules

Folder 05_modules

terraform workspaces

Folder 06_workspaces

terraform and pipelines (automation) no demo

terraform and Kubernetes (operators) no demo

terraform OSS vs cloud. No demo

Pitfalls

Providers and modules versioning

Make sure you are confortable with the strategy to adopt versions

Be mindful of the providers and modules you are using and how their maintainers publish their verions.

  • New patch versions might cause changes in your infrastructure
  • No updating ofter will make it very painful to update when you really need to

Too much/little infrastrcure

Could lead into

  • Works when adding things. It doesn't on create from scratch, updating modules or destroying the whole thing.
  • Cyclic dependencies

Cyclic dependency

Resources dependencies

Explicit vs implicit

Race conditions

eg: AWS IAM propagation

Drifted state

Some times some provider resources or just how we do code might change the same cloud resource on two different projects and they will constantly changing the other.

Monorepo vs repo per project

Isolation vs easy to find

Terragrunt

https://github.com/antonbabenko/terragrunt-reference-architecture

Tools

Managing

Security

Testing

Visualise

Terraform graph

Using terraform and graphviz highlighting the cyclic dependencies with read

terraform plan -out tfplan
terraform graph -draw-cycles -module-depth=0 -plan=tfplan | dot -Tsvg > graph-apply.svg

Rover

$ docker run --rm -it -p 9000:9000 -v "$HOME/.aws":/root/.aws -v $(pwd):/src im2nguyen/rover

if terraform uses AWS provider... you might want to mount your AWS credentials or the .aws folder

-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN
-v "$HOME/.aws":/root/.aws

terraform-visual

https://hieven.github.io/terraform-visual/plan-details

Importing

Hygene

Reference

About

A little workshop to explain some problems and pitfalls when managing IaC with Terraform and managing Terraform too

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages