Deploy your infrastructure with Terraform Cloud

Deploy your infrastructure with Terraform Cloud
How can I manage and collaborate around my Terraform deployment?

Back in September 2019, Hashicorp has released Terraform Cloud, a public hosted version of his Entreprise edition accessible to all.

This announcement brings two good news:

  • It makes it easier to host Terraform state files in an isolated environment instead of the same as their cloud provider storage.
  • There are different access versions including a free edition!

In the free access version, we will find back some important features as:

  • Organisation management
  • Workspace Management
  • Secure variable storage, with possibility to declare them sensitive
  • Private Module Registry
  • Crypted hosting of your tfstate file

For more details, check the pricing offering.

And what is the difference between the open source CLI version and the cloud version ?

Using a remote backend like Terraform Cloud or Enterprise may have some advantages on the collaborating aspect, but you will lose access to some CLI commands. If you are already familiar with the concept of Terraform and already using it, I suggest you to take a look at the official documentation of Terraform Cloud/Entreprise to understand the purpose of it.

A bit older, you can also take a look at the following article.


Let's deploy some service with Terraform Cloud

Init the project

For this project, we would try to deploy an Elastic BeanStalk on AWS. As Terraform Cloud accepts VCS triggers, I will host the code on Github and create a hook between the two platforms later.

My repository: https://github.com/benguichard/hello-terraform

Now that the foundation of our architecture is ready, and if it's not done yet, it's time to register on the Terraform cloud platform : https://app.terraform.io.

Once done, you will have the opportunity to create your first organisation.

Plan the workspace

Organisations are a shared space for teams to collaborate on workspaces in Terraform Cloud.

Creating an organisation will be the highest level of governance we will be able to create to manage different workspace.

It's also in an organisation that you will have the possibility to attach a Module Registry, but let's focus on workspaces for today.

Terraform Cloud already accepts several major git platforms. Selecting a Git service will open a connection page to grant permission to Terraform Cloud to access to the repositories. By the way, it's granted that you will have the possibility to choose which code repository that will be linked to the workspace.


In case you don't want to use any provided VCS service, it's still possible to deploy a workspace and use it directly with the Terraform CLI. For that, remember to specify in your terraform config the workspace name and host url. For the token, it's recommended omitting it, and instead setting it as credentials in the CLI config file.

# Configure Terraform
terraform {
  required_version = ">= 0.12.0"
  backend "remote" {
    hostname     = "app.terraform.io"
    organization = "company"
    workspaces { name = "my-app-prod" }
  }
}
And how can I declare my variables?

For that, two solutions:

  • You can create a vars.auto.tfvars file in your project sources
  • You can use the variables interface to set them directly on Terraform Cloud

In my case I usually prefer to use the auto.tfvars, for quicker access to variables, but for some variables which need to be fixed, the second option may be needed.

It's also by this interface you can setup environment variables. For most of the cloud providers, it's where you will specify the access and secret keys.

You will notice a CONFIRM_DESTROY variable in my capture. Don't worry, we will come back on it later.

Apply the architecture

Now that all workspace settings are done, we will have the joy to push our infrastructure!

According to the settings we set, it's possible to automatically queue new launch but as we have already pushed the source on Github, we are going to execute manually the first queue.

For that, click on "Queue Plan".

Once the queue launches, you can visualise the progression of the processing on the preview page as:

  • The plan step: where you will see your infrastructure estimation. If you have left a manual apply method, the page will ask you for a confirmation before deployment. The highest offer of Terraform Cloud can even provide you a cost estimation of your future infrastructure.
  • The apply step: which will execute and deploy your instruction to create your cloud resources. The outputs will be printed at the end of it.

You will also have the possibility to explore the tfstate file and see the change with the previous versions of it in the "States" tab.

Destroy your creation

To terminate, it's possible to execute a destroy command by looking in "Settings > Destruction and Deletion".

It's for this reason we have entered the variable CONFIRM_DESTROY earlier. Without this variable, the platform will block your command by security.

Attention to the delete button which will delete the workspace and the Terraform State file without possibility to restore it.

And it's on this clean up that we will end our demonstration!


Conclusion

After using Terraform Enterprise, I rather welcomed these public access features included in the version of Terraform Cloud.

With easy use and connection to VCS, this hosted platform will be useful for deploying a quick project without having to configure deployment jobs in Jenkins or similars. We were also able to appreciate the state file history and his changes.

This is a great way for Hashicorp to recover part of the public market and help teams focus more on their products than on how to maintain their deployment.

Show Comments