2023-05-24 - Three problems of Terraform DevOps Pro EU.pdf
0 likes66 views
The document discusses three conceptual problems with Terraform, including dynamic state location, deploying configurations to multiple environments, and cross-state resource lookups. It addresses the need for wrappers and conventions to manage these issues effectively, highlighting challenges such as environment-specific parameters and the complexity of using multiple directories or state configurations. The conclusion emphasizes that while wrappers like Terragrunt may help, simpler solutions might be preferable if Terraform's issues are resolved in the future.
2023-05-24 - Three problems of Terraform DevOps Pro EU.pdf
- 1. Three Problems of Terraform — Why People Keep Writing Terraform Wrappers
- 6. www.fivexl.io | hello@fivexl.io Do it. Do it better. Do it right. Alex Lindsay
- 8. www.fivexl.io | hello@fivexl.io Andrey Devyatkin Co-Host at DevSecOps Talks podcast Principal Cloud Engineering Specialist AWS Community Builder Co-Founder at FivexL Public speaker
- 12. www.fivexl.io | hello@fivexl.io three conceptual problems Dynamic state location Deploying the same configuration to multiple environments Environment specific parameters A way to address differences between environments Cross-state resources lookup A need to reference resources from different states
- 16. www.fivexl.io | hello@fivexl.io $ ls README.md .terraform main.tf terraform.tfstate
- 17. www.fivexl.io | hello@fivexl.io terraform { backend "s3" { bucket = "my-cool-startup-infra-state" key = "terraform/main.tfstate" region = "us-east-1" } }
- 18. www.fivexl.io | hello@fivexl.io Assumptions AWS S3 backend
- 19. www.fivexl.io | hello@fivexl.io So far so good No need for the wrapper
- 21. www.fivexl.io | hello@fivexl.io We need to deploy the app to the second environment
- 23. www.fivexl.io | hello@fivexl.io We need to change backend configuration depending on env
- 24. www.fivexl.io | hello@fivexl.io terraform { backend "s3" { bucket = "my-cool-startup-infra-state" key = "terraform/main.tfstate" region = "us-east-1" } }
- 25. www.fivexl.io | hello@fivexl.io https://github.com/hashicorp/terraform/issues/17288
- 26. www.fivexl.io | hello@fivexl.io Can we use Terraform workspaces?
- 27. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/cli/workspaces As of 2023-05-18
- 28. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/cli/workspaces#when-not-to-use-multiple-workspaces As of 2023-05-18 Okay, what is the real life use case then? 🤔
- 29. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/cli/workspaces#alternatives-to-workspaces As of 2023-05-18
- 32. www.fivexl.io | hello@fivexl.io But why so many directories? Can’t we just use the same directory somehow? 🤔
- 33. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/language/settings/backends/configuration#partial-configuration As of 2023-05-18
- 34. www.fivexl.io | hello@fivexl.io terraform { backend "s3" { bucket = "my-cool-startup-infra-state" key = "terraform/main.tfstate" region = "us-east-1" } }
- 35. www.fivexl.io | hello@fivexl.io terraform { backend "s3" {} } terraform init -backend-config "bucket=my-cool-startup-infra-state" -backend-config "key=terraform/main.tfstate" -backend-config "region=us-east-1"
- 36. www.fivexl.io | hello@fivexl.io Do we share S3 bucket between environments?
- 37. www.fivexl.io | hello@fivexl.io Assumptions AWS dev/production S3 backend bucket/state per env with predefined name
- 38. www.fivexl.io | hello@fivexl.io terraform { backend "s3" {} } terraform init -backend-config "infra-state-798424800762" -backend-config "key=terraform/main.tfstate" -backend-config "region=us-east-1"
- 39. www.fivexl.io | hello@fivexl.io Why did we name s3 bucket this way? 🤔
- 40. www.fivexl.io | hello@fivexl.io format("infra-state-%s", data.aws_caller_identity.current.account_id)
- 41. www.fivexl.io | hello@fivexl.io Would exposing the account id get us into trouble? 🤔
- 43. www.fivexl.io | hello@fivexl.io # debatable format("infra-state-%s", data.aws_caller_identity.current.account_id) # paranoid edition format("infra-state-%s", sha1(data.aws_caller_identity.current.account_id))
- 44. www.fivexl.io | hello@fivexl.io Why not just use env suffix like -prod or -dev? 🤔
- 45. www.fivexl.io | hello@fivexl.io If we are using the same dir then how to be with .terraform? 🤔
- 46. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_data_dir As of 2023-05-18
- 49. www.fivexl.io | hello@fivexl.io AWS_DEFAULT_REGION env variable? Use aws-vault for env setup
- 50. www.fivexl.io | hello@fivexl.io $ ls README.md .terraform.798424800762 .terraform.813771662528 main.tf
- 52. www.fivexl.io | hello@fivexl.io How do we specify different parameters for different environments?
- 53. www.fivexl.io | hello@fivexl.io https://developer.hashicorp.com/terraform/language/values/variables#assigning-values-to-root-module-variables As of 2023-05-18
- 55. www.fivexl.io | hello@fivexl.io $ ls README.md 798424800762.tfvars 813771662528.tfvars .terraform.798424800762 .terraform.813771662528 main.tf $ cat 798424800762.tfvars # dev instance_type = "t4g.micro" $ cat 813771662528.tfvars # prod instance_type = "t4g.large"
- 58. www.fivexl.io | hello@fivexl.io Do we really need a wrapper for this?
- 60. www.fivexl.io | hello@fivexl.io What if we add more applications?
- 63. www.fivexl.io | hello@fivexl.io How do I get VPC id from network stack to my application stack?
- 65. www.fivexl.io | hello@fivexl.io Terragrunt remote state resoltion
- 66. www.fivexl.io | hello@fivexl.io AWS SSM Parameters AWS S3 Self-containing modules Are the other ways? Tooling
- 67. www.fivexl.io | hello@fivexl.io Self-contained modules? 🤔 Create resources Look up resources Provide policies …
- 69. www.fivexl.io | hello@fivexl.io Conclusion and recap
- 70. www.fivexl.io | hello@fivexl.io three conceptual problems Dynamic state location Deploying the same configuration to multiple environments Environment specific parameters A way to address differences between environments Cross-state resources lookup A need to reference resources from different states
- 72. www.fivexl.io | hello@fivexl.io conventions vs wrappers
- 73. www.fivexl.io | hello@fivexl.io You can remove bash (if Terraform problems get solved one day), much harder to remove more complex solutions like Terragrunt