Terraform Up and Running Writing Infrastructure as Code, 3rd Edition (Yevgeniy Brikman) (Z-Library)

📄 File Format: PDF

💾 File Size: 10.0 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

Yevgeniy Brikman Terraform Up & Running Writing Infrastructure as Code Third Edition B rikm a n

📄 Page 2

INFR A STRUC TURE A S CODE “This book teaches you everything you need to know about Terraform to massively improve infrastructure provisioning efficiency and enjoyability across any platform.” —Mitchell Hashimoto Creator of Terraform and Cofounder of HashiCorp “If you are a DevOps practitioner and want to get started with infrastructure as code, this book is the perfect resource for you.” —Akash Mahajan Cofounder and Director, Appsecco Terraform: Up and Running US $59.99 CAN $74.99 ISBN: 978-1-098-11674-3 Twitter: @oreillymedia linkedin.com/company/oreilly-media youtube.com/oreillymedia Terraform has become a key player in the DevOps world for defining, launching, and managing infrastructure as code (IaC) across a variety of cloud and virtualization platforms, including AWS, Google Cloud, Azure, and more. This hands-on third edition, expanded and thoroughly updated for version 1.0 and beyond, shows you the fastest way to get up and running with Terraform. Gruntwork cofounder Yevgeniy (Jim) Brikman takes you through code examples that demonstrate Terraform’s simple, declarative programming language for deploying and managing infrastructure with a few commands. Veteran sysadmins, DevOps engineers, and novice developers will quickly go from Terraform basics to running a full stack that can support a massive amount of traffic and a large team of developers. • Compare Terraform with Chef, Puppet, Ansible, CloudFormation, and Pulumi • Deploy servers, load balancers, and databases • Create reusable infrastructure with Terraform modules • Test your Terraform modules with static analysis, unit tests, and integration tests • Configure CI/CD pipelines for both your apps and infrastructure code • Use advanced Terraform syntax for loops, conditionals, and zero-downtime deployment • Get up to speed on Terraform 0.13 to 1.0 and beyond • Work with multiple clouds and providers (including Kubernetes!) Yevgeniy (Jim) Brikman is the cofounder of Gruntwork, a company with the mission of making it 10 times easier to build software. The author of Hello, Startup: A Programmer’s Guide to Building Products, Technologies, and Teams (O’Reilly), he previously served as a software engineer at LinkedIn, TripAdvisor, Cisco, and Thomson Financial. For more information, check out ybrikman.com.

📄 Page 3

Yevgeniy Brikman Terraform: Up & Running Writing Infrastructure as Code THIRD EDITION Boston Farnham Sebastopol TokyoBeijing

📄 Page 4

978-1-098-11674-3 [LSI] Terraform: Up & Running by Yevgeniy Brikman Copyright © 2022 Yevgeniy Brikman. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com. Acquisitions Editor: John Devins Developmental Editor: Corbin Collins Production Editor: Kate Galloway Copyeditor: Piper Editorial Consulting, LLC Proofreader: Kim Cofer Indexer: nSight, Inc. Interior Designer: David Futato Cover Designer: Karen Montgomery Illustrator: Kate Dullea March 2017: First Edition September 2019: Second Edition September 2022: Third Edition Revision History for the Third Edition 2022-09-19: First Release See http://oreilly.com/catalog/errata.csp?isbn=9781098116743 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Terraform: Up & Running, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. The views expressed in this work are those of the author, and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

📄 Page 5

To Mom, Dad, Lyalya, and Molly

📄 Page 6

(This page has no text content)

📄 Page 7

Table of Contents Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix 1. Why Terraform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 What Is DevOps? 1 What Is Infrastructure as Code? 3 Ad Hoc Scripts 4 Configuration Management Tools 5 Server Templating Tools 7 Orchestration Tools 12 Provisioning Tools 14 What Are the Benefits of Infrastructure as Code? 16 How Does Terraform Work? 17 How Does Terraform Compare to Other IaC Tools? 20 Configuration Management Versus Provisioning 21 Mutable Infrastructure Versus Immutable Infrastructure 21 Procedural Language Versus Declarative Language 22 General-Purpose Language Versus Domain-Specific Language 25 Master Versus Masterless 26 Agent Versus Agentless 28 Paid Versus Free Offering 30 Large Community Versus Small Community 31 Mature Versus Cutting Edge 33 Use of Multiple Tools Together 34 Conclusion 36 2. Getting Started with Terraform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Setting Up Your AWS Account 40 Installing Terraform 43 v

📄 Page 8

Deploying a Single Server 44 Deploying a Single Web Server 52 Deploying a Configurable Web Server 60 Deploying a Cluster of Web Servers 66 Deploying a Load Balancer 70 Cleanup 79 Conclusion 80 3. How to Manage Terraform State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 What Is Terraform State? 82 Shared Storage for State Files 83 Limitations with Terraform’s Backends 91 State File Isolation 93 Isolation via Workspaces 94 Isolation via File Layout 100 The terraform_remote_state Data Source 105 Conclusion 113 4. How to Create Reusable Infrastructure with Terraform Modules. . . . . . . . . . . . . . . . . . 115 Module Basics 118 Module Inputs 121 Module Locals 125 Module Outputs 127 Module Gotchas 129 File Paths 129 Inline Blocks 130 Module Versioning 133 Conclusion 139 5. Terraform Tips and Tricks: Loops, If-Statements, Deployment, and Gotchas. . . . . . . . 141 Loops 142 Loops with the count Parameter 142 Loops with for_each Expressions 149 Loops with for Expressions 156 Loops with the for String Directive 158 Conditionals 160 Conditionals with the count Parameter 160 Conditionals with for_each and for Expressions 165 Conditionals with the if String Directive 167 Zero-Downtime Deployment 169 Terraform Gotchas 179 count and for_each Have Limitations 179 vi | Table of Contents

📄 Page 9

Zero-Downtime Deployment Has Limitations 181 Valid Plans Can Fail 184 Refactoring Can Be Tricky 186 Conclusion 189 6. Managing Secrets with Terraform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Secret Management Basics 192 Secret Management Tools 193 The Types of Secrets You Store 193 The Way You Store Secrets 194 The Interface You Use to Access Secrets 195 A Comparison of Secret Management Tools 195 Secret Management Tools with Terraform 196 Providers 196 Resources and Data Sources 206 State Files and Plan Files 217 Conclusion 219 7. Working with Multiple Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221 Working with One Provider 221 What Is a Provider? 222 How Do You Install Providers? 223 How Do You Use Providers? 225 Working with Multiple Copies of the Same Provider 226 Working with Multiple AWS Regions 226 Working with Multiple AWS Accounts 238 Creating Modules That Can Work with Multiple Providers 245 Working with Multiple Different Providers 248 A Crash Course on Docker 249 A Crash Course on Kubernetes 252 Deploying Docker Containers in AWS Using Elastic Kubernetes Service 264 Conclusion 272 8. Production-Grade Terraform Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Why It Takes So Long to Build Production-Grade Infrastructure 277 The Production-Grade Infrastructure Checklist 279 Production-Grade Infrastructure Modules 280 Small Modules 281 Composable Modules 285 Testable Modules 291 Versioned Modules 298 Beyond Terraform Modules 305 Table of Contents | vii

📄 Page 10

Conclusion 313 9. How to Test Terraform Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 Manual Tests 316 Manual Testing Basics 317 Cleaning Up After Tests 319 Automated Tests 320 Unit Tests 321 Integration Tests 348 End-to-End Tests 362 Other Testing Approaches 364 Conclusion 372 10. How to Use Terraform as a Team. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Adopting IaC in Your Team 376 Convince Your Boss 376 Work Incrementally 379 Give Your Team the Time to Learn 380 A Workflow for Deploying Application Code 382 Use Version Control 382 Run the Code Locally 383 Make Code Changes 383 Submit Changes for Review 384 Run Automated Tests 385 Merge and Release 386 Deploy 387 A Workflow for Deploying Infrastructure Code 390 Use Version Control 391 Run the Code Locally 395 Make Code Changes 396 Submit Changes for Review 397 Run Automated Tests 399 Merge and Release 400 Deploy 401 Putting It All Together 412 Conclusion 414 Appendix. Recommended Reading. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417 Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 viii | Table of Contents

📄 Page 11

Preface A long time ago, in a datacenter far, far away, an ancient group of powerful beings known as “sysadmins” used to deploy infrastructure manually. Every server, every database, every load balancer, and every bit of network configuration was created and managed by hand. It was a dark and fearful age: fear of downtime, fear of accidental misconfiguration, fear of slow and fragile deployments, and fear of what would happen if the sysadmins fell to the dark side (i.e., took a vacation). The good news is that thanks to the DevOps movement, there is now a better way to do things: Terraform. Terraform is an open source tool created by HashiCorp that allows you to define your infrastructure as code using a simple, declarative language and to deploy and manage that infrastructure across a variety of public cloud providers (e.g., Amazon Web Services [AWS], Microsoft Azure, Google Cloud Platform, DigitalOcean) and private cloud and virtualization platforms (e.g., OpenStack, VMware) using a few commands. For example, instead of manually clicking around a web page or running dozens of commands, here is all the code it takes to configure a server on AWS: provider "aws" { region = "us-east-2" } resource "aws_instance" "example" { ami = "ami-0fb653ca2d3203ac1" instance_type = "t2.micro" } And to deploy it, you just run the following: $ terraform init $ terraform apply ix

📄 Page 12

Thanks to its simplicity and power, Terraform has emerged as a key player in the DevOps world. It allows you to replace the tedious, fragile, and manual parts of infra‐ structure management with a solid, automated foundation upon which you can build all your other DevOps practices (e.g., automated testing, Continuous Integration, Continuous Delivery) and tooling (e.g., Docker, Chef, Puppet). This book is the fastest way to get up and running with Terraform. You’ll go from deploying the most basic “Hello, World” Terraform example (in fact, you just saw it!) all the way up to running a full tech stack (virtual servers, Kubernetes clusters, Docker containers, load balancers, databases) capable of supporting a large amount of traffic and a large team of developers—all in the span of just a few chap‐ ters. This is a hands-on tutorial that not only teaches you DevOps and infrastructure as code (IaC) principles but also walks you through dozens of code examples that you can try at home, so make sure you have your computer handy. By the time you’re done, you’ll be ready to use Terraform in the real world. Who Should Read This Book This book is for anyone responsible for the code after it has been written. That includes sysadmins, operations engineers, release engineers, site reliability engineers, DevOps engineers, infrastructure developers, full-stack developers, engineering man‐ agers, and CTOs. No matter what your title is, if you’re the one managing infra‐ structure, deploying code, configuring servers, scaling clusters, backing up data, monitoring apps, and responding to alerts at 3 a.m., this book is for you. Collectively, all of these tasks are usually referred to as operations. In the past, it was common to find developers who knew how to write code but did not understand operations; likewise, it was common to find sysadmins who understood operations but did not know how to write code. You could get away with that divide in the past, but in the modern world, as cloud computing and the DevOps movement become ubiquitous, just about every developer will need to learn operational skills, and every sysadmin will need to learn coding skills. This book does not assume that you’re already an expert coder or expert sysadmin—a basic familiarity with programming, the command line, and server-based software (e.g., websites) should suffice. Everything else you need you’ll be able to pick up as you go, so that by the end of the book, you will have a solid grasp of one of the most critical aspects of modern development and operations: managing infrastructure as code. In fact, you’ll learn not only how to manage infrastructure as code using Terraform but also how this fits into the overall DevOps world. Here are some of the questions you’ll be able to answer by the end of the book: x | Preface

📄 Page 13

• Why use IaC at all? • What are the differences between configuration management, orchestration, pro‐ visioning, and server templating? • When should you use Terraform, Chef, Ansible, Puppet, Pulumi, CloudForma‐ tion, Docker, Packer, or Kubernetes? • How does Terraform work, and how do you use it to manage your infrastructure? • How do you create reusable Terraform modules? • How do you securely manage secrets when working with Terraform? • How do you use Terraform with multiple regions, accounts, and clouds? • How do you write Terraform code that’s reliable enough for production usage? • How do you test your Terraform code? • How do you make Terraform a part of your automated deployment process? • What are the best practices for using Terraform as a team? The only tools you need are a computer (Terraform runs on most operating systems), an internet connection, and the desire to learn. Why I Wrote This Book Terraform is a powerful tool. It works with all popular cloud providers. It uses a clean, simple language and has strong support for reuse, testing, and versioning. It’s open source and has a friendly, active community. But there is one area where it’s lacking: maturity. Terraform has become wildly popular, but it’s still a relatively new technology, and despite its popularity, it’s still difficult to find books, blog posts, or experts to help you become proficient with the tool. The official Terraform documentation does a good job of introducing the basic syntax and features, but it includes little information on idiomatic patterns, best practices, testing, reusability, or team workflows. It’s like trying to become fluent in French by studying only the vocabulary but not any of the grammar or idioms. The reason I wrote this book is to help developers become fluent in Terraform. I’ve been using Terraform for six out of the seven years it has existed, mostly at my company, Gruntwork, where Terraform is one of the core tools we’ve used to create a library of more than 300,000 lines of reusable, battle-tested infrastructure code that’s used in production by hundreds of companies. Writing and maintaining this much infrastructure code over this many years and using it with so many different companies and use cases has taught us a lot of hard lessons. My goal is to share these Preface | xi

📄 Page 14

lessons with you so that you can cut this lengthy process down and become fluent in a matter of days. Of course, you can’t become fluent just by reading. To become fluent in French, you need to spend time conversing with native French speakers, watching French TV shows, and listening to French music. To become fluent in Terraform, you need to write real Terraform code, use it to manage real software, and deploy that software on real servers. Therefore, be ready to read, write, and execute a lot of code. What You Will Find in This Book Here’s an outline of what the book covers: Chapter 1, “Why Terraform” How DevOps is transforming the way we run software; an overview of infrastructure-as-code tools, including configuration management, server tem‐ plating, orchestration, and provisioning tools; the benefits of infrastructure as code; a comparison of Terraform, Chef, Puppet, Ansible, Pulumi, OpenStack Heat, and CloudFormation; how to combine tools such as Terraform, Packer, Docker, Ansible, and Kubernetes. Chapter 2, “Getting Started with Terraform” Installing Terraform; an overview of Terraform syntax; an overview of the Terra‐ form CLI tool; how to deploy a single server; how to deploy a web server; how to deploy a cluster of web servers; how to deploy a load balancer; how to clean up resources you’ve created. Chapter 3, “How to Manage Terraform State” What Terraform state is; how to store state so that multiple team members can access it; how to lock state files to prevent race conditions; how to isolate state files to limit the damage from errors; how to use Terraform workspaces; a best-practices file and folder layout for Terraform projects; how to use read-only state. Chapter 4, “How to Create Reusable Infrastructure with Terraform Modules” What modules are; how to create a basic module; how to make a module config‐ urable with inputs and outputs; local values; versioned modules; module gotchas; using modules to define reusable, configurable pieces of infrastructure. Chapter 5, “Terraform Tips and Tricks: Loops, If-Statements, Deployment, and Gotchas” Loops with the count parameter, for_each and for expressions, and the for string directive; conditionals with the count parameter, for_each and for expressions, and the if string directive; built-in functions; zero-downtime deployment; common Terraform gotchas and pitfalls, including count and xii | Preface

📄 Page 15

for_each limitations, zero-downtime deployment gotchas, how valid plans can fail, and how to refactor Terraform code safely. Chapter 6, “Managing Secrets with Terraform” An introduction to secrets management; an overview of the different types of secrets, different ways to store secrets, and different ways to access secrets; a comparison of common secret management tools such as HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault; how to manage secrets when working with providers, including authentication via environment variables, IAM roles, and OIDC; how to manage secrets when working with resources and data sour‐ ces, including how to use environment variables, encrypted files, and centralized secret stores; how to securely handle state files and plan files. Chapter 7, “Working with Multiple Providers” A closer look at how Terraform providers work, including how to install them, how to control the version, and how to use them in your code; how to use multiple copies of the same provider, including how to deploy to multiple AWS regions, how to deploy to multiple AWS accounts, and how to build reusable modules that can use multiple providers; how to use multiple different providers together, including an example of using Terraform to run a Kubernetes cluster (EKS) in AWS and deploy Dockerized apps into the cluster. Chapter 8, “Production-Grade Terraform Code” Why DevOps projects always take longer than you expect; the production-grade infrastructure checklist; how to build Terraform modules for production; small modules; composable modules; testable modules; releasable modules; Terraform Registry; variable validation; versioning Terraform, Terraform providers, Terra‐ form modules, and Terragrunt; Terraform escape hatches. Chapter 9, “How to Test Terraform Code” Manual tests for Terraform code; sandbox environments and cleanup; automated tests for Terraform code; Terratest; unit tests; integration tests; end-to-end tests; dependency injection; running tests in parallel; test stages; retries; the test pyra‐ mid; static analysis; plan testing; server testing. Chapter 10, “How to Use Terraform as a Team” How to adopt Terraform as a team; how to convince your boss; a workflow for deploying application code; a workflow for deploying infrastructure code; version control; the golden rule of Terraform; code reviews; coding guidelines; Terraform style; CI/CD for Terraform; the deployment process. Feel free to read the book from beginning to end or jump around to the chapters that interest you the most. Note that the examples in each chapter reference and build upon the examples from the previous chapters, so if you skip around, use the open source code examples (as described in “Open Source Code Examples” on page xix) Preface | xiii

📄 Page 16

to get your bearings. At the end of the book, in the Appendix, you’ll find a list of recommended reading where you can learn more about Terraform, operations, IaC, and DevOps. Changes from the Second Edition to the Third Edition The first edition of this book came out in 2017, the second edition came out in 2019, and although it’s hard for me to believe it, I’m now working on the third edition in 2022. Time flies. It’s remarkable how much has changed over the years! If you’ve read the second edition of the book and want to know what’s new, or if you’re just curious to see how Terraform has evolved between 2019 and 2022, here are some of the highlights of what changed between the second and third editions: Hundreds of pages of updated content The third edition of the book is about a hundred pages longer than the second edition. I also estimate that roughly one-third to one-half of the pages originally in the second edition were updated as well. Why so much churn? Well, Terraform went through six major releases since the second edition came out: 0.13, 0.14, 0.15, 1.0, 1.1, and 1.2. Moreover, many Terraform providers went through major upgrades of their own, including the AWS Provider, which was at version 2 when the second edition came out and is now at version 4. Plus, the Terraform community has seen massive growth over the last few years, which has led to the emergence of many new best practices, tools, and modules. I’ve tried to capture as much of this change as I could in the third edition, adding two completely new chapters and making major updates to all the existing chapters, as described next. New provider functionality Terraform has significantly improved how you work with providers. In the third edition, I’ve added an entirely new chapter, Chapter 7, that describes how to work with multiple providers: e.g., how to deploy into multiple regions, multiple accounts, and multiple clouds. Also, by popular demand, this chapter includes a brand-new set of examples showing how to use Terraform, Kubernetes, Docker, AWS, and EKS to run containerized apps. Finally, I’ve also updated all the other chapters to highlight new provider features from the last several releases, including the required_providers block introduced in Terraform 0.13, the lock file introduced in Terraform 0.14, and the configuration_aliases parameter introduced in Terraform 0.15. Better secrets management When using Terraform code, you often have to deal with many types of secrets: database passwords, API keys, cloud provider credentials, TLS certificates, and so on. In the third edition, I added an entirely new chapter, Chapter 6, dedicated to this topic, including a comparison of common secret management tools, as xiv | Preface

📄 Page 17

well as lots of new example code that shows a variety of techniques for securely using secrets with Terraform, including environment variables, encrypted files, centralized secret stores, IAM roles, OIDC, and more. New module functionality Terraform 0.13 added the ability to use count, for_each, and depends_on on module blocks, making modules considerably more powerful, flexible, and reusa‐ ble. You can find examples of how to use these new features in Chapters 5 and 7. New validation functionality In Chapter 8, I’ve added examples of how to use the validation feature intro‐ duced in Terraform 0.13 to perform basic checks on variables (such as enforcing minimum or maximum values) and the precondition and postcondition fea‐ tures introduced in Terraform 1.2 to perform basic checks on resources and data sources, either before running apply (such as enforcing that the AMI a user selected uses the x86_64 architecture) or after running apply (such as checking that the EBS volume you’re using was successfully encrypted). In Chapter 6, I show how to use the sensitive parameter introduced in Terraform 0.14 and 0.15, which ensures that secrets won’t be logged when you run plan or apply. New refactoring functionality Terraform 1.1 introduced the moved block, which provides a much better way to handle certain types of refactoring, such as renaming a resource. In the past, this type of refactoring required users to manually run error-prone terraform state mv operations, whereas now, as you’ll see in a new example in Chapter 5, this process can be fully automated, making upgrades safer and more compatible. More testing options The tools available for automated testing of Terraform code continue to improve. In Chapter 9, I’ve added example code and comparisons of static analysis tools for Terraform, including tfsec, tflint, terrascan, and the validate command; plan testing tools for Terraform, including Terratest, OPA, and Sentinel; and server testing tools, including inspec, serverspec, and goss. I also added a comparison of all the testing approaches out there, so you can pick the best ones for your use cases. Improved stability Terraform 1.0 was a big milestone for Terraform, not only signifying that the tool had reached a certain level of maturity but also coming with a number of compatibility promises. Namely, there is a promise that all the 1.x releases will be backward compatible, so upgrading between v1.x releases should no longer require changes to your code, workflows, or state files. Terraform state files are now cross-compatible with Terraform 0.14, 0.15, and all 1.x releases, and Terraform remote state data sources are cross-compatible with Terraform Preface | xv

📄 Page 18

1 Per the HashiCorp S1. 2 Check out the Terraform upgrade guides for details. 0.12.30, 0.13.6, 0.14.0, 0.15.0, and all 1.x releases. I’ve also updated Chapter 8 with examples of how to better manage versioning of Terraform (including using tfenv), Terragrunt (including using tgswitch), and Terraform providers (including how to use the lock file). Improved maturity Terraform has been downloaded over 100 million times, has had over 1,500 open source contributors, and is in use at ~79% of Fortune 500 companies,1 so it’s safe to say that the ecosystem has grown and matured significantly over the last several years. There are now more developers, providers, reusable modules, tools, plugins, classes, books, and tutorials for Terraform than ever before. Moreover, HashiCorp, the company that created Terraform, had its IPO (initial public offering) in 2021, so Terraform is no longer backed by a small startup but by a large, stable, publicly traded company, for which Terraform is its biggest business line. Many other changes There were many other changes along the way, including the launch of Terraform Cloud (a web UI for using Terraform); the improved maturity of popular com‐ munity tools such as Terragrunt, Terratest, and tfenv; the addition of many new provider features (including new ways to do zero-downtime deployment, such as instance refresh, which I’ve added to Chapter 5) and new functions (e.g., I added examples of how to use the one function in Chapter 5 and the try function in Chapter 7); the deprecation of many old features (e.g., template_file data source, many aws_s3_bucket parameters, list and map, support for external references on destroy provisioners); and much more. Changes from the First Edition to the Second Edition Going back in time even further, the second edition of the book added roughly 150 pages of new content on top of the first edition. Here is a summary of those changes, which also covers how Terraform changed between 2017 and 2019: Four major Terraform releases Terraform was at version 0.8 when the first edition came out; between then and the time of the second edition, Terraform had four major releases, all the way up to version 0.12. These releases introduced some amazing new functionality, as I’ll describe shortly, as well as a fair amount of upgrade work for users!2 xvi | Preface

📄 Page 19

Automated testing improvements The tooling and practices for writing automated tests for Terraform code evolved considerably between 2017 and 2019. In the second edition, I added Chapter 9, a completely new chapter dedicated to testing, covering topics such as unit tests, integration tests, end-to-end tests, dependency injection, test parallelism, static analysis, and more. Module improvements The tooling and practices for creating Terraform modules also evolved consider‐ ably. In the second edition, I added Chapter 8, a new chapter that contains a guide to building reusable, battle-tested, production-grade Terraform modules— the kind of modules you’d bet your company on. Workflow improvements Chapter 10 was completely rewritten in the second edition to reflect the changes in how teams integrate Terraform into their workflows, including a detailed guide on how to take application code and infrastructure code from development through testing and all the way to production. HCL2 Terraform 0.12 overhauled the underlying language from HCL to HCL2. This included support for first-class expressions, rich type constraints, lazily evalu‐ ated conditional expressions, support for null, for_each and for expressions, dynamic inline blocks, and more. All the code examples in the second edition of the book were updated to use HCL2, and the new language features were covered extensively in Chapters 5 and 8. Terraform state revamp Terraform 0.9 introduced backends as a first-class way to store and share Terra‐ form state, including built-in support for locking. Terraform 0.9 also introduced state environments as a way to manage deployments across multiple environ‐ ments. In Terraform 0.10, state environments were replaced with Terraform workspaces. I cover all of these topics in Chapter 3. Terraform providers split In Terraform 0.10, the core Terraform code was split up from the code for all the providers (i.e., the code for AWS, GCP, Azure, etc.). This allowed providers to be developed in their own repositories, at their own cadence, with their own versioning. However, you now must run terraform init to download the provider code every time you start working with a new module, as discussed in Chapters 2 and 9. Preface | xvii

📄 Page 20

3 You can find the full list of Terraform providers in the Terraform Registry. Massive provider growth From 2016 to 2019, Terraform grew from a handful of major cloud providers (the usual suspects, such as AWS, GCP, and Azure) to more than one hundred official providers and many more community providers.3 This means that you can now use Terraform to not only manage many other types of clouds (e.g., there are now providers for Alicloud, Oracle Cloud Infrastructure, VMware vSphere, and others) but also to manage many other aspects of your world as code, including version control systems with the GitHub, GitLab, and Bitbucket providers; data stores with the MySQL, PostgreSQL, and InfluxDB providers; monitoring and alerting systems with the Datadog, New Relic, and Grafana providers; platform tools with the Kubernetes, Helm, Heroku, Rundeck, and RightScale providers; and much more. Moreover, each provider has much better coverage these days: AWS now covers the majority of important AWS services and often adds support for new services even before CloudFormation does! Terraform Registry HashiCorp launched the Terraform Registry in 2017, a UI that made it easy to browse and consume open source, reusable Terraform modules contributed by the community. In 2018, HashiCorp added the ability to run a Private Terraform Registry within your own organization. Terraform 0.11 added first-class syntax support for consuming modules from a Terraform Registry. We look at the Registry in Chapter 8. Better error handling Terraform 0.9 updated state error handling: if there was an error writing state to a remote backend, the state would be saved locally in an errored.tfstate file. Terraform 0.12 completely overhauled error handling, by catching errors earlier, showing clearer error messages, and including the filepath, line number, and a code snippet in the error message. Many other changes There were many other changes along the way, including the introduction of local values (see “Module Locals” on page 125), new “escape hatches” for having Terraform interact with the outside world via scripts (see “Beyond Terraform Modules” on page 305), running plan as part of the apply command, fixes for the create_before_destroy cycle issues, major improvements to the count parameter so that it can include references to data sources and resources, dozens of new built-in functions, an overhaul in provider inheritance, and much more. xviii | Preface