Terraform: Up & Running [3 ed.] 9781098116743

English Pages 620 [680] Year 2022

Table of contents:
Preface
Who Should Read This Book
Why I Wrote This Book
What You Will Find in This Book
Changes from the Second Edition to the Third Edition
Changes from the First Edition to the Second Edition
What You Won’t Find in This Book
Open Source Code Examples
Using the Code Examples
Conventions Used in This Book
O’Reilly Online Learning
How to Contact O’Reilly Media
Acknowledgments
1. Why Terraform
What Is DevOps?
What Is Infrastructure as Code?
Ad Hoc Scripts
Configuration Management Tools
Server Templating Tools
Orchestration Tools
Provisioning Tools
What Are the Benefits of Infrastructure as Code?
How Does Terraform Work?
How Does Terraform Compare to Other IaC Tools?
Configuration Management Versus Provisioning
Mutable Infrastructure Versus Immutable Infrastructure
Procedural Language Versus Declarative Language
General-Purpose Language Versus Domain-Specific Language
Master Versus Masterless
Agent Versus Agentless
Paid Versus Free Offering
Large Community Versus Small Community
Mature Versus Cutting Edge
Use of Multiple Tools Together
Provisioning plus configuration management
Provisioning plus server templating
Provisioning plus server templating plus orchestration
Conclusion
2. Getting Started with Terraform
Setting Up Your AWS Account
Installing Terraform
Deploying a Single Server
Deploying a Single Web Server
Deploying a Configurable Web Server
Deploying a Cluster of Web Servers
Deploying a Load Balancer
Cleanup
Conclusion
3. How to Manage Terraform State
What Is Terraform State?
Shared Storage for State Files
Limitations with Terraform’s Backends
State File Isolation
Isolation via Workspaces
Isolation via File Layout
The terraform_remote_state Data Source
Conclusion
4. How to Create Reusable Infrastructure with Terraform Modules
Module Basics
Module Inputs
Module Locals
Module Outputs
Module Gotchas
File Paths
Inline Blocks
Module Versioning
Conclusion
5. Terraform Tips and Tricks: Loops, If-Statements, Deployment, and Gotchas
Loops
Loops with the count Parameter
Loops with for_each Expressions
Loops with for Expressions
Loops with the for String Directive
Conditionals
Conditionals with the count Parameter
If-statements with the count parameter
If-else-statements with the count parameter
Conditionals with for_each and for Expressions
Conditionals with the if String Directive
Zero-Downtime Deployment
Terraform Gotchas
count and for_each Have Limitations
Zero-Downtime Deployment Has Limitations
Valid Plans Can Fail
Refactoring Can Be Tricky
Conclusion
6. Managing Secrets with Terraform
Secret Management Basics
Secret Management Tools
The Types of Secrets You Store
The Way You Store Secrets
The Interface You Use to Access Secrets
A Comparison of Secret Management Tools
Secret Management Tools with Terraform
Providers
Human users
Machine users
CircleCI as a CI server, with stored secrets
EC2 Instance running Jenkins as a CI server, with IAM roles
GitHub Actions as a CI server, with OIDC
Resources and Data Sources
Environment variables
Encrypted files
Secret stores
State Files and Plan Files
State files
Plan files
Conclusion
7. Working with Multiple Providers
Working with One Provider
What Is a Provider?
How Do You Install Providers?
How Do You Use Providers?
Working with Multiple Copies of the Same Provider
Working with Multiple AWS Regions
Working with Multiple AWS Accounts
Creating Modules That Can Work with Multiple Providers
Working with Multiple Different Providers
A Crash Course on Docker
A Crash Course on Kubernetes
Deploying Docker Containers in AWS Using Elastic Kubernetes Service
Conclusion
8. Production-Grade Terraform Code
Why It Takes So Long to Build Production-Grade Infrastructure
The Production-Grade Infrastructure Checklist
Production-Grade Infrastructure Modules
Small Modules
Composable Modules
Testable Modules
Validations
Preconditions and postconditions
When to use validations, preconditions, and postconditions
Versioned Modules
Beyond Terraform Modules
Provisioners
Provisioners with null_resource
External data source
Conclusion
9. How to Test Terraform Code
Manual Tests
Manual Testing Basics
Cleaning Up After Tests
Automated Tests
Unit Tests
Unit testing Terraform code
Dependency injection
Running tests in parallel
Integration Tests
Test stages
Retries
End-to-End Tests
Other Testing Approaches
Static analysis
Plan testing
Server testing
Conclusion
10. How to Use Terraform as a Team
Adopting IaC in Your Team
Convince Your Boss
Work Incrementally
Give Your Team the Time to Learn
A Workflow for Deploying Application Code
Use Version Control
Run the Code Locally
Make Code Changes
Submit Changes for Review
Run Automated Tests
Merge and Release
Deploy
Deployment tooling
Deployment strategies
Deployment server
Promotion across environments
A Workflow for Deploying Infrastructure Code
Use Version Control
Live repo and modules repo
The Golden Rule of Terraform
The trouble with branches
Run the Code Locally
Make Code Changes
Submit Changes for Review
Documentation
Automated tests
File layout
Style guide
Run Automated Tests
Merge and Release
Deploy
Deployment tooling
Deployment strategies
Deployment server
Promote artifacts across environments
Putting It All Together
Conclusion
A. Recommended Reading
Books
Blogs
Talks
Newsletters
Online Forums
Index
