Terraform Tutorial: What is Terraform ?

I am sure about the fact that by now, most of us have used public cloud services like AWS, Azure, & Google Cloud. Well, if not all three, at least aws for sure(because aws is the biggest player in the public cloud service offering). Creating your infrastructure on top of these public cloud is pretty straightforward and easy, if done manually, by using their respective web console.  However, it is not that simple to automate the infrastructure building process in a reusable fashion. Please keep the fact in mind that we are talking about automating the “infrastructure” here and not about your applications and services running on your servers.
 

When I say infrastructure, I am referring to the below in the cloud..

• Networks
• Subnetworks
• Firewalls
• LoadBalancers
• Storage
• Public IPs
• DNS Entries.. And much more..

There are already many configuration management tools out there in the market, that can automate your Applications and Services running inside instances(VMs). For example, Puppet, Chef, Ansible, Salt etc can be used for automating your applications and services running inside your VM (or in other words...your app running in the infrastructure).

We need a method and a reusable process to build infrastructure using code. The idea is to basically treat the infrastructure components that we listed above, in the same manner that we treat our application(ie: Using code). Hence the name “Infrastructure As code”. The tool that we are going to discuss today falls under IaC (Infra as Code). It is called “Terraform”
 

So basically the principles that we generally apply to software development can then be applied to infrastructure as well. Like version controlling, Infrastructure can be shared(because its code), can go back in time (because we can go to the previous version).

You can declare the required state of your infrastructure using Terraform, and it will take care of the underlying complexities to create it.

Let's imagine you want to create an AWS instance, and then attach a public IP(elastic ip), and then finally add a DNS entry for your instance.  As I mentioned earlier, you simply specify the end state that you want using terraform.

• A Public IP
• A DNS Entry
• An Instance

There are dependencies between each step that we have above. Terraform will calculate the dependencies and create each of the resources above in the correct order. Let's think about this for a moment. An instance should be created before we can attach a public IP to it. The public IP should be created before adding the DNS entry. Which means the order is important here, and terraform will take care of this by building a graph internally.

So basically terraform will provision your infra in a cloud of your interest (terraform also falls under the umbrella of tools called as provisioners). Hence it can be also be called a cloud provisioner.

Why Can't We Use Puppet, Chef or Ansible for this?

The primary area where Puppet, Chef and Ansible focuses is on configuration inside the instances (ie: Your application and server specific configs). Although there are modules available to use these configuration management tools to manage some of the infrastructure stuff, the original intent behind their creation was application configuration inside the operating system.

Being said that, you can still use these configuration management tools along with terraform to configure things inside the VMs(basically these tools can be used by terraform as a provisioner to configure applications inside your infrastructure).

Apart from this, if you are using Docker containers for running your applications, the containers are self sufficient and will have all the required configuration packed into it for your application. In this case, the need of a configuration management tool like chef or puppet is not that much. But you still need something to manage your infrastructure with code. Because the containers will ultimately run on top of a server/vm in a cloud infra. Terraform can step in and create your required infra for your containers to run on.

Lets not deny the fact that all these tools(chef, puppet, ansible etc) can be used as IaC(Infrastructure as Code) as well. But terraform is well suited for this purpose as it maintains the state of the infrastructure.

Why Can't We use AWS Cloudformation or Azure Resource Manager for infrastructure?

Agreed the fact that majority of the cloud providers offer their own infrastructure management tools to define infrastructure in the form of templates that can be reused. AWS CloudFormation templates is the best example here. These tools are very much similar to terraform in the way it achieves the end result.  The only problem with these tools is the fact that they are cloud specific (meaning Azure Resource Manager can only be used to build infra on Azure cloud, and similarly AWS Cloudformation templates can be used only to build infra on AWS Cloud).

Basically you cannot migrate to another cloud provider with these tools, as they are tightly integrated and only will work on their platforms.

So, what is the ideal use case of Terraform?

Terraform supports a wide range of resources in the cloud. Things like networks, subnetworks, firewalls, storage, tags, metadata, etc. The operations team can standardize these and different teams in the company can then use terraform stacks to create their own required environment(infrastructure with applications) , which adheres to the predefined standards.

Creating different environments like production, qa and staging with identical configuration is easy using terraform as the infrastructure is in the format of code. You can leverage terraform in your existing continues delivery pipeline. Basically your infrastructure, configuration management, and application deployment can all be part of your single pipeline for the delivery.

As terraform is not cloud specific, you can use it to make your infrastructure fault tolerant by creating environments in different public clouds (all using one configuration). Along with this, it can be used for other external services like CDN providers.

Configuration management tools like Puppet, Chef etc are actually suited for mutable infrastructure. They generally keep on doing incremental updates on top of the existing machines back to back. Compare this to a method of replacing a server with a brand new one for every change. This is generally referred to as immutable infrastructure. In this immutable method, you basically create a new set of servers using a new vm image using terraform, and terminate the old ones. Terraform suits better here compared to other tools(change of image is nothing but a small image name change in your terraform code).

The other two main interesting thing about terraform is that it is declarative in nature and it maintains the state of the infrastructure. As mentioned earlier, you simply say the end state of the infra that you want using terraform(Puppet is also declarative in nature). Tools like chef and Ansible requires you to write the procedure to reach the end state that you need.  Hence using terraform, you are relieved off from some of the complexities and logic required to achieve the end state.  As terraform remembers the current state of the infrastructure, making small changes and applying it is quite easy compared to other provisioning tools.