Terraform Cookbook

By : Mikael Krief

Terraform Cookbook

By: Mikael Krief

Overview of this book

HashiCorp Configuration Language (HCL) has changed how we define and provision a data center infrastructure with the launch of Terraform—one of the most popular and powerful products for building Infrastructure as Code. This practical guide will show you how to leverage HashiCorp's Terraform tool to manage a complex infrastructure with ease. Starting with recipes for setting up the environment, this book will gradually guide you in configuring, provisioning, collaborating, and building a multi-environment architecture. Unlike other books, you’ll also be able to explore recipes with real-world examples to provision your Azure infrastructure with Terraform. Once you’ve covered topics such as Azure Template, Azure CLI, Terraform configuration, and Terragrunt, you’ll delve into manual and automated testing with Terraform configurations. The next set of chapters will show you how to manage a balanced and efficient infrastructure and create reusable infrastructure with Terraform modules. Finally, you’ll explore the latest DevOps trends such as continuous integration and continuous delivery (CI/CD) and zero-downtime deployments. By the end of this book, you’ll have developed the skills you need to get the most value out of Terraform and manage your infrastructure effectively.

Preface

Who this book is for

What this book covers

To get the most out of this book

Get in touch

Setting Up the Terraform Environment

Technical requirements

Downloading and installing Terraform manually

Installing Terraform using a script on Linux

Installing Terraform using a script on Windows

Executing Terraform in a Docker container

Writing Terraform configuration in VS Code

Migrating your Terraform configuration to Terraform 0.13

Free Chapter

Writing Terraform Configuration

Technical requirements

Configuring Terraform and the provider version to use

Manipulating variables

Using local variables for custom functions

Using outputs to expose Terraform provisioned data

Provisioning infrastructure in multiple environments

Obtaining external data with data sources

Using external resources from other state files

Querying external data with Terraform

Calling Terraform built-in functions

Writing conditional expressions

Manipulating local files with Terraform

Executing local programs with Terraform

Generating passwords with Terraform

Building Dynamic Environments with Terraform

Technical requirements

Provisioning multiple resources with the count property

Using a table of key-value variables with maps

Looping over object collections

Generating multiple blocks with dynamic expressions

Using the Terraform CLI

Technical requirements

Keeping your Terraform configuration clean

Validating the code syntax

Destroying infrastructure resources

Using workspaces for managing environments

Importing existing resources

Exporting the output in JSON

Tainting resources

Generating the graph dependencies

Debugging the Terraform execution

Sharing Terraform Configuration with Modules

Technical requirements

Creating a Terraform module and using it locally

Using modules from the public registry

Sharing a Terraform module using GitHub

Using another file inside a custom module

Using the Terraform module generator

Generating module documentation

Using a private Git repository for sharing a Terraform module

Applying a Terrafile pattern for using modules

Testing Terraform module code with Terratest

Building CI/CD for Terraform modules in Azure Pipelines

Building a workflow for Terraform modules using GitHub Actions

Provisioning Azure Infrastructure with Terraform

Technical requirements

Using Terraform in Azure Cloud Shell

Protecting the Azure credential provider

Protecting the state file in the Azure remote backend

Executing ARM templates in Terraform

Executing Azure CLI commands in Terraform

Using Azure Key Vault with Terraform to protect secrets

Getting a list of Azure resources in Terraform

Provisioning and configuring an Azure VM with Terraform

Building Azure serverless infrastructure with Terraform

Generating a Terraform configuration for existing Azure infrastructure

Deep Diving into Terraform

Technical requirements

Creating an Ansible inventory with Terraform

Testing the Terraform configuration using kitchen-terraform

Preventing resources from getting destroyed

Zero-downtime deployment with Terraform

Detecting resources deleted by the plan command

Managing Terraform configuration dependencies using Terragrunt

Using Terragrunt as a wrapper for Terraform

Building CI/CD pipelines for Terraform configurations in Azure Pipelines

Working with workspaces in CI/CD

Using Terraform Cloud to Improve Collaboration

Technical requirements

Using the remote backend in Terraform Cloud

Using Terraform Cloud as a private module registry

Executing Terraform configuration remotely in Terraform Cloud

Automating Terraform Cloud using APIs

Testing the compliance of Terraform configurations using Sentinel

Using cost estimation for cloud cost resources governance

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Generating passwords with Terraform

When provisioning infrastructure with Terraform, there are some resources that require passwords in their properties, such as VMs and databases.

To ensure better security by not writing passwords in clear text, you can use a Terraform provider, which allows you to generate passwords.

In this recipe, we will discuss how to generate a password with Terraform and assign it to a resource.

Getting ready

In this recipe, we need to provision a VM in Azure that will be provisioned with an administrator password generated dynamically by Terraform.

To do this, we will base ourselves on an already existing Terraform configuration that provisions a VM in Azure.

The source code for this recipe is available at https://github.com/PacktPublishing/Terraform-Cookbook/tree/master/CHAP02/password.

How to do it…

Perform the following steps:

In the Terraform configuration file for the VM, add the following code:

resource "random_password" "password" {
  length = 16
  special = true
  override_special = "_%@"
}

Then, in the code of the resource itself, modify the password property with the following code:

resource "azurerm_virtual_machine" "myterraformvm" {
  name = "myVM"
  location = "westeurope"
  resource_group_name = azurerm_resource_group.myterraformgroup.name
  network_interface_ids = [azurerm_network_interface.myterraformnic.id]
  vm_size = "Standard_DS1_v2"
....
  os_profile {
     computer_name = "vmdemo"
     admin_username = "admin"
     admin_password = random_password.password.result
  }
....
}

How it works…

In step 1, we added the Terraform random_password resource from the random provider, which allows us to generate strings according to the properties provided. These will be sensitive, meaning that they're protected by Terraform.

Then, in step 2, we used its result (with the result property) in the password property of the VM.

The result of executing the terraform plan command on this code can be seen in the following screenshot:

As we can see, the result is sensitive value.

Please note that the fact a property is sensitive in Terraform means that it cannot be displayed when using the Terraform plan and apply commands in the console output display.

On the other hand, it will be present in clear text in the Terraform state file.

Terraform Cookbook

By : Mikael Krief

Terraform Cookbook

By: Mikael Krief

Overview of this book

Related Content you might be interested in

Current Title:

Terraform Cookbook

Learning DevOps

HashiCorp Infrastructure Automation Certification Guide

Learning DevOps.

Generating passwords with Terraform

Getting ready

How to do it…

How it works…

See also