Book Image

Terraform Cookbook - Second Edition

By : Mikael Krief
4.5 (2)
Book Image

Terraform Cookbook - Second Edition

4.5 (2)
By: Mikael Krief

Overview of this book

Imagine effortlessly provisioning complex cloud infrastructure across various cloud platforms, all while ensuring robustness, reusability, and security. Introducing the Terraform Cookbook, Second Edition - your go-to guide for mastering Infrastructure as Code (IaC) effortlessly. This new edition is packed with real-world examples for provisioning robust Cloud infrastructure mainly across Azure but also with a dedicated chapter for AWS and GCP. You will delve into manual and automated testing with Terraform configurations, creating and managing a balanced, efficient, reusable infrastructure with Terraform modules. You will learn how to automate the deployment of Terraform configurations through continuous integration and continuous delivery (CI/CD), unleashing Terraform's full potential. New chapters have been added that describe the use of Terraform for Docker and Kubernetes, and explain how to test Terraform configurations using different tools to check code and security compliance. The book devotes an entire chapter to achieving proficiency in Terraform Cloud, covering troubleshooting strategies for common issues and offering resolutions to frequently encountered errors. Get the insider knowledge to boost productivity with Terraform - the indispensable guide for anyone adopting Infrastructure as Code solutions.

Related Content you might be interested in

Current Title:

Small book image
Terraform Cookbook - Second Edition
Mikael Krief
Aug, 2023 | 634 pages
Small book image
HashiCorp Infrastructure Automation Certification Guide
Ravi Mishra
Jul, 2021 | 350 pages
Small book image
Terraform for Google Cloud Essential Guide
Bernd Nordhausen
Jan, 2023 | 180 pages
Small book image
Learning DevOps
Mikael Krief
Mar, 2022 | 560 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Setting Up the Terraform Environment
Setting Up the Terraform Environment
Technical requirements
Overviewing Terraform best practices
Downloading and installing Terraform on Windows manually
Installing Terraform using Chocolatey on Windows
Installing Terraform on Linux using the APT package manager
Installing Terraform using a script on Linux
Executing Terraform in a Docker container
Switching between multiple Terraform versions
Upgrading Terraform providers
Free Chapter
2
Writing Terraform Configurations
Writing Terraform Configurations
Technical requirements
Configuring Terraform and the provider version to use
Adding alias to a provider to use multiple instances of the same provider
Manipulating variables
Keeping sensitive variables safe
Using local variables for custom functions
Using outputs to expose Terraform provisioned data
Calling Terraform’s built-in functions
Using YAML files in Terraform configuration
Writing conditional expressions
Generating passwords with Terraform
Managing Terraform resource dependencies
Adding custom pre and postconditions
Using checks for infrastructure validation
3
Scaling Your Infrastructure with Terraform
Scaling Your Infrastructure with Terraform
Technical requirements
Provisioning infrastructure in multiple environments
Provisioning multiple resources with the count meta-argument
Using maps
Looping over a map of objects
Generating multiple blocks with the dynamic block
Filtering maps
4
Using Terraform with External Data
Using Terraform with External Data
Technical requirements
Obtaining external data with data sources
Querying external data with Terraform
Manipulating local files with Terraform
Executing local programs with Terraform
Executing shell scripts using the Terraform Shell provider
5
Managing Terraform State
Managing Terraform State
Using the local Terraform state
Managing resources in Terraform state
Synchronizing Terraform state
Importing existing resources
Using external resources from other Terraform state files
Refactoring resources in configuration
6
Applying a Basic Terraform Workflow
Applying a Basic Terraform Workflow
Technical requirements
Keeping your Terraform configuration clean
Validating the code syntax
Destroying infrastructure resources
Displaying a list of providers used in a configuration
Generating one Terraform lock file with Windows and Linux compatibility
Copying a Terraform module configuration
Using workspaces to manage environments
Exporting the output in JSON
Tainting resources
Generating the dependency graph
Using different Terraform configuration directories
Testing and evaluating a Terraform expression
Debugging the Terraform execution
7
Sharing Terraform Configuration with Modules
Sharing Terraform Configuration with Modules
Technical requirements
Creating a Terraform module and using it locally
Provisioning multiple instances of a Terraform module
Using modules from the public registry
Sharing a Terraform module in the public registry using GitHub
Using another file inside a custom module
Using the Terraform module generator
Generating module documentation
Using a private Git repository for sharing a Terraform module
Applying a Terrafile pattern for using modules
8
Provisioning Azure Infrastructure with Terraform
Provisioning Azure Infrastructure with Terraform
Technical requirements
Using Terraform in Azure Cloud Shell
Protecting the Azure credential provider
Protecting the state file in the Azure remote backend
Executing ARM templates in Terraform
Executing Azure CLI commands in Terraform
Using Azure Key Vault with Terraform to protect secrets
Provisioning and configuring an Azure VM with Terraform
Building Azure serverless infrastructure with Terraform
Generating a Terraform configuration for existing Azure infrastructure
Enabling optional Azure features
Estimating Azure cost of infrastructure using Infracost
Using the AzApi Terraform provider
9
Getting Starting to Provisioning AWS and GCP Infrastructure Using Terraform
Getting Starting to Provisioning AWS and GCP Infrastructure Using Terraform
Technical requirements
Getting started using Terraform for AWS
Using the S3 backend in AWS
Getting started using Terraform for GCP
Using a GCS backend in GCP
Executing Terraform in GCP Cloud Shell
10
Using Terraform for Docker and Kubernetes Deployment
Using Terraform for Docker and Kubernetes Deployment
Technical requirements
Creating a Docker container using Terraform
Deploying Kubernetes resources using Terraform
Deploying a Helm chart in Kubernetes using Terraform
Using a Kubernetes controller as a Terraform reconciliation loop
11
Running Test and Compliance Security on Terraform Configuration
Running Test and Compliance Security on Terraform Configuration
Technical requirements
Using PowerShell’s Pester framework to perform Terraform testing
Testing the Terraform configuration using Python
Using OPA to check the Terraform configuration
Using tfsec to analyze the compliance of Terraform configuration
Applying Terraform compliance using terraform-compliance
Testing Terraform module code with Terratest
Testing the Terraform configuration using Kitchen-Terraform
Using the new integrated Terraform module integration test
12
Deep-Diving into Terraform
Deep-Diving into Terraform
Technical requirements
Preventing resources from being destroyed
Ignoring manual changes
Using Terraform’s templating feature
Zero-downtime deployment with Terraform
Managing Terraform configuration dependencies using Terragrunt
Using Terragrunt as a wrapper for Terraform
Generating a self-signed SSL certificate using Terraform
Checking the configuration before committing code using Git hooks
Visualizing Terraform resource dependencies with Rover
Using the Terraform CDK for developers
13
Automating Terraform Execution in a CI/CD Pipeline
Automating Terraform Execution in a CI/CD Pipeline
Running Terraform in automation mode
Displaying a summary of the execution of terraform plan
Building CI/CD pipelines to apply Terraform configurations in Azure Pipelines
Automating Terraform execution in GitHub Actions
Working with workspaces in CI/CD
Building CI/CD for Terraform modules in Azure Pipelines
Building a workflow for publishing Terraform modules using GitHub Actions
14
Using Terraform Cloud to Improve Team Collaboration
Using Terraform Cloud to Improve Team Collaboration
Technical requirements
Managing workspaces in Terraform Cloud
Using the remote backend in Terraform Cloud
Migrating Terraform State to Terraform Cloud
Using Terraform Cloud as a private module registry
Executing Terraform configuration remotely in Terraform Cloud
Checking the compliance of Terraform configurations using OPA in Terraform Cloud
Using integrated cost estimation for cloud resources
Integrating the Infracost run task during the Terraform Cloud run
Configuring Terraform Cloud with the Terraform TFE provider
15
Troubleshooting Terraform Errors
Troubleshooting Terraform Errors
Fixing interpolation errors
Fixing cycle errors
Fixing for_each errors
Fixing output errors
16
Other Books You May Enjoy
Other Books You May Enjoy
17
Index
Index
Appendix A: Terraform Cheat Sheet
Appendix A: Terraform Cheat Sheet
Basic commands
Format Terraform configuration
Terraform providers management
Terraform dependency file
Basic workflow commands
Backend configuration
Validate configuration
Get outputs
Import resources
Terraform workspaces
Terraform debug
State management
Display Terraform graph dependencies
Taint/untaint resources
Terraform Cloud/Enterprise
Appendix B: Terraform Resources
Appendix B: Terraform Resources
Terraform official resources
Terraform community resources
Terraform news feed
Terraform certifications and certification preparation

Generating passwords with Terraform

When provisioning infrastructure with Terraform, there are some resources that require passwords in their properties, such as account credentials, VMs, and database connection strings.

To ensure better security by not writing passwords as plaintext in the configuration, you can use a random Terraform provider, which allows you to generate a random string that can be used as a password.

In this recipe, we will discuss how to generate a password with Terraform and assign it to a resource.

Getting ready

In this recipe, we need to provision a VM in Azure that will be provisioned with an administrator password generated dynamically by Terraform.

To do this, we will use an already existing Terraform configuration that provisions a VM in Azure.

The source code for this recipe is available at https://github.com/PacktPublishing/Terraform-Cookbook-Second-Edition/tree/main/CHAP02/password.

How to do it…

Perform the following steps:

  1. In the Terraform configuration file for the VM, add the following code: 
    resource "random_password" "password" {
  length = 16
  special = true
  override_special = "_%@"
}
  2. Then, in the code of the resource itself, modify the password property with the following code: 
    resource "azurerm_linux_virtual_machine" "myterraformvm" {
  name = "myVM"
  location = "westeurope"
  resource_group_name = azurerm_resource_group.myterraformgroup.name
     computer_name = "vmdemo"
     admin_username = "uservm"
     admin_password = random_password.password.result
....
}

How it works…

In Step 1, we added the Terraform random_password resource from the random provider, which allows us to generate strings according to the properties provided. These will be sensitive, meaning that they’re treated as sensitive in the CLI by Terraform, so they will not be displayed to the user.

Then, in Step 2, we used its result (with the result property) in the password property of the VM.

The result of executing the terraform plan command on this code can be seen in the following screenshot:

Une image contenant texte Description générée automatiquement

Figure 2.16: Generating a password with Terraform

As we can see, the result is (sensitive value).

Please note that the fact a property is sensitive in Terraform means that it cannot be displayed when using the Terraform plan and apply commands in the console output display.

On the other hand, it will be present in clear text in the Terraform state file.

See also

Previous Section
End of Section 12
Next Section