
Terraform

General Patterns

Security Model

Article | Description
HashiCorp Developer Docs | Step-by-step tutorials, videos, and hands-on labs
HashiCorp: Terraform Cloud Security Model | Document explaining the authorization model, potential security threats, and HashiCorp's recommendations for securely using Terraform Cloud
Securing Terraform monorepo CI | Post explaining the security problems the Mercari team faced in their Terraform environment, and how they improved the situation

Module Creation

Article | Description
Terraform Module Patterns | Patterns for creating Terraform modules that have proven to work well
Writing reusable Terraform modules | Best practices for writing reusable Terraform modules

Testing

Article | Description
HashiCorp: Testing HashiCorp Terraform | Testing strategies for HashiCorp Terraform modules and configuration, and how to run tests against infrastructure
A Comprehensive Guide to Testing in Terraform | Keep your tests, validations, checks, and policies in order
  • CLI validation command -> terraform validate (checks syntax and internal consistency without contacting any provider)
  • Custom conditions
    • Variable validation -> add validation blocks nested inside variable blocks; a failing condition rejects the input as an error
    • Resource and data source validation -> add precondition or postcondition blocks nested inside a lifecycle block; preconditions are evaluated before the object is planned or applied, postconditions against its resulting attributes (deferred to apply when values are not yet known)
    • Output validation -> add a precondition block nested directly inside the output block
  • Test framework
    • Test files use the .tftest.hcl file ending
    • By default, terraform test runs every test file in the module's root directory or in its tests directory
    • A test file consists of one or more run blocks, each of which is one test. A run block takes arguments and nested blocks that configure what the test does, and executes either plan or apply (the default)
  • Checks
    • The check block is for validations that should not stop a plan or apply from finishing: a failed check is reported as a warning and the deployment continues
    • A check block contains at most one scoped data block and one or more assert blocks. Each assert block has a condition that evaluates to true or false and an error_message shown when the assertion fails. The scoped data block reads data about a resource, or from an external endpoint, that the check needs
  • Policies
    • OPA vs HashiCorp Sentinel
    • Policies validate that the changes you are introducing follow rules defined by you or your organization; they are enforced against the plan rather than written into the configuration itself
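The validation mechanisms listed above, as an added example that is not code from the linked guide or from HashiCorp: a root module with variable validation, resource pre/postconditions, an output precondition and a check block, plus a .tftest.hcl file exercising them. It uses the built-in terraform_data resource so it runs offline with no provider download; the variable names, port numbers and CIDR ranges are constructed for illustration, and the two files are shown in one block separated by comments.

```hcl
# ---- main.tf ----
# Added example (not from the linked guide). Names, ports and CIDRs are
# constructed for illustration; terraform_data is built in, so no provider
# needs to be downloaded to run this.
terraform {
  required_version = ">= 1.6" # test framework, check blocks and terraform_data
}

variable "allowed_cidrs" {
  description = "CIDR blocks allowed to reach the admin port"
  type        = list(string)

  # Variable validation: malformed or dangerous input is rejected as an error.
  validation {
    condition     = alltrue([for c in var.allowed_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_cidrs must be a valid CIDR block."
  }
  validation {
    condition     = !contains(var.allowed_cidrs, "0.0.0.0/0")
    error_message = "0.0.0.0/0 would expose the admin port to the whole internet."
  }
}

variable "admin_port" {
  type    = number
  default = 8443
}

resource "terraform_data" "admin_rule" {
  input = {
    port  = var.admin_port
    cidrs = var.allowed_cidrs
  }

  lifecycle {
    # Evaluated during planning, before the resource is created or changed.
    precondition {
      condition     = var.admin_port > 1024 && var.admin_port < 65536
      error_message = "admin_port must be an unprivileged port (1025-65535)."
    }
    # Evaluated against the resulting attributes; deferred to apply while unknown.
    postcondition {
      condition     = length(self.output.cidrs) > 0
      error_message = "The applied rule must allow at least one CIDR."
    }
  }
}

output "admin_rule" {
  value = terraform_data.admin_rule.output

  # Output precondition: never publish a rule that is open to the world.
  precondition {
    condition     = !contains(terraform_data.admin_rule.output.cidrs, "0.0.0.0/0")
    error_message = "Refusing to publish a rule open to 0.0.0.0/0."
  }
}

# A check only warns: a failing assertion is reported but does not block apply.
check "allowlist_size" {
  assert {
    condition     = length(var.allowed_cidrs) <= 5
    error_message = "More than 5 allowed CIDRs; review whether every entry is still needed."
  }
}

# ---- tests/admin_rule.tftest.hcl ----
# Run with: terraform init && terraform test
variables {
  allowed_cidrs = ["10.0.0.0/16"]
}

# command = plan: the variable validation must fail for this input.
run "rejects_open_world" {
  command = plan
  variables {
    allowed_cidrs = ["0.0.0.0/0"]
  }
  expect_failures = [var.allowed_cidrs]
}

# The resource precondition must fail for a privileged port.
run "rejects_privileged_port" {
  command = plan
  variables {
    admin_port = 443
  }
  expect_failures = [terraform_data.admin_rule]
}

# command defaults to apply; assert on the published output, then Terraform
# destroys what the run created.
run "applies_and_publishes_rule" {
  assert {
    condition     = output.admin_rule.port == 8443
    error_message = "default admin port was not applied"
  }
  assert {
    condition     = contains(output.admin_rule.cidrs, "10.0.0.0/16")
    error_message = "allowed CIDR missing from the applied rule"
  }
}
```

The first two run blocks use expect_failures so that a rejected input counts as a passing test; a run in which the listed object does not fail, or in which any other condition fails, fails the test. The check block deliberately stays a warning: it is advisory hygiene, while the conditions above it are the hard gates.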

Use Cases

Article | Description
How We Use Terraform At Slack | Post looking at how the Slack team uses Terraform to build their infrastructure

Integrations

Import Resources

Article | Description
terraformer | CLI tool that generates Terraform files from existing infrastructure (reverse Terraform)
former2 | Generates CloudFormation, Terraform, or Troposphere templates from your existing AWS resources
terracognita | Reads existing resources from public and private cloud providers and generates the corresponding Terraform configuration (reverse Terraform)

Kubernetes

Article | Description
HashiCorp: Creating Workspaces with the HashiCorp Terraform Operator for Kubernetes
  • The Terraform Operator for Kubernetes combines the benefits of Terraform Cloud with a first-class Kubernetes experience
  • The Operator lets you define and create infrastructure as code natively in Kubernetes by making calls to Terraform Cloud
HashiCorp: Manage Kubernetes with Terraform
  • Provision and manage Kubernetes clusters with Terraform
  • Guides to provisioning managed Kubernetes on AWS, Azure, or GCP, and interacting with your cluster using the Kubernetes Terraform provider

GCP

Article | Description
Using Google Cloud Service Account impersonation in your Terraform code | Authenticate as a service account in Terraform using short-lived credentials instead of distributing long-lived service account keys

Cloudflare

Article | Description
cf-terraforming | Command-line utility for generating Terraform configuration from your existing Cloudflare resources

GitHub

Article | Description
terraform-cloud-action | Three GitHub Actions that can be assembled into a workflow to create, use, and destroy infrastructure managed by Terraform Cloud