Terraform modules and (some of) best practices
0 likes629 views
The document discusses Terraform modules, best practices, and orchestration techniques for managing AWS infrastructure as code. It emphasizes the benefits of using well-structured modules, avoiding certain practices like provisioners, and leveraging community resources. The author also highlights the features of Terraform 0.12 and tools like Cloudcraft for visualizing infrastructure.
![- [ ] How to write modules
- [ ] How to use modules](https://image.slidesharecdn.com/terraform-modules-and-best-practices-december-2018-new-york-181204022659/85/Terraform-modules-and-some-of-best-practices-24-320.jpg)
![- [x] How to write modules
- [x] Do not write, if possible
- [x] Do not use: providers and provisioners
- [ ] How to use modules](https://image.slidesharecdn.com/terraform-modules-and-best-practices-december-2018-new-york-181204022659/85/Terraform-modules-and-some-of-best-practices-41-320.jpg)
![- [x] How to write modules
- [x] How to use modules
- [x] 1-in-1 much better over time
- [x] Orchestration = Terragrunt
- [x] Dynamic values in tfvars
- [ ] What is next?](https://image.slidesharecdn.com/terraform-modules-and-best-practices-december-2018-new-york-181204022659/85/Terraform-modules-and-some-of-best-practices-60-320.jpg)
Terraform modules and (some of) best practices
- 1. Terraform modules and (some of) best-practices Anton Babenko @antonbabenko December 2018
- 2. Anton Babenko Terraform AWS fanatic since 2015. HUG, AWS, DevOps Norway, DevOpsDays Oslo… I 💚 open-source: terraform-community-modules + terraform-aws-modules antonbabenko/pre-commit-terraform — auto-formatting code and documentation antonbabenko/modules.tf-lambda — Terraform configurations from visual diagrams www.terraform-best-practices.com medium.com/@anton.babenko @antonbabenko - Twitter, and many Slacks
- 3. Collection of open-source Terraform AWS modules supported by the community. More than 2 millions downloads. (VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…) github.com/terraform-aws-modules registry.terraform.io/modules/terraform-aws-modules
- 4. Write, plan and manage infrastructure as code www.terraform.io
- 5. Google Cloud Deployment Manager Azure Resource Manager
- 8. Terraform — is a universal tool to manage anything that has an API GSuite Dropbox files and access New Relic metrics Datadog users and metrics Bugs in Jira All Terraform providers
- 9. VPC, please!
- 14. Problems Code size is growing Complicated dependencies
- 15. Solution — Terraform modules
- 16. Terraform modules are self-contained packages of Terraform configurations that are managed as a group.
- 17. Resource modules Only create resources in a very flexible way Open-source
- 18. Resource modules
- 20. Infrastructure modules Consist of resource modules Company standards and tags Pre-processors, jsonnet, cookiecutter
- 23. Types of Terraform modules Resource modules (terraform-aws-modules, for example) Infrastructure modules
- 25. Tip №0 Check Terraform Registry before writing new resource module.
- 26. Hide specifics
- 29. Size
- 31. Things to avoid in Terraform modules
- 32. Exception: logical providers (template, random, local, http, external) Providers in modules — bad
- 34. Provisioner — bad Avoid provisioners in all resources
- 35. Provisioner — bad Avoid provisioners even inside EC2 resources
- 36. Provisioner — bad Avoid provisioners even inside EC2 resources
- 39. null_resource provisioner — good
- 40. Traits of good Terraform modules Documentation and examples Feature-rich Sane defaults Clean code Tests Read more: http://bit.ly/common-traits-in-terraform-modules
- 42. How to use Terraform modules Many resources, many modules How to organize and use them? How to orchestrate them?
- 43. All in one Good: Declare variables and outputs in fewer places Bad: Large blast radius Everything is blocked at once Not possible to specify dependenies between modules (depends_on)
- 44. 1-in-1 Good: Small blast radius Possible to chain calls Faster and easier to work with Bad: Declare variables and outputs in several places
- 45. How is it in your project? "All in one" or 1-in-1 ?
- 46. Correct Most frequent answer: "somewhere in between" + "it depends"
- 47. What about orchestration in your project? -target Makefile …
- 49. Do not try this at home!
- 55. Orchestration = Terragrunt tfvars can’t contain dynamic values :(
- 56. Orchestration = Terragrunt tfvars can’t contain dynamic values, so I fixed it :)
- 57. before_hook + shell-script See this: https://github.com/antonbabenko/modules.tf-lambda/blob/master/ templates/terragrunt-common-layer/template/common/scripts/ update_dynamic_values_in_tfvars.sh Or try it yourself by using cloudcraft.co
- 58. Edge cases Different AWS regions (S3 signature, EC2 ClassicLink, IPv6) Age of AWS accounts Limits in AWS
- 59. Avoid in Terraform Non-sensitive arguments in CLI. Put them in tfvars file. • -target • -parallelism Terraform workspaces => Separate directory Dependency hell in modules
- 61. Terraform 0.12 HCL2 — simplified syntax Loops ("for") Dynamic blocks ("for_each") Correct operations of comparison (… ? … : …) Extended types in variables Templates in string values Links between all resources everywhere (depends_on) Read more — https://www.hashicorp.com/blog/terraform-0-1-2-preview
- 62. Summary Write less and simpler — Terraform 0.12 will not fix your code for you Use existing modules and tools
- 63. BONUS
- 66. cloudcraft.co features Manage AWS components in browser (EC2 instances, autoscaling groups, RDS, etc) Connect components Import live AWS infrastructure Calculate the budget Share link to a blueprint Export as image Embed drawing to wiki, Confluence, etc
- 69. Infrastructure as code generator — from visual diagrams to Terraform
- 70. ✓ cloudcraft.co — design, plan and visualize ✓ terraform-aws-modules — building blocks of AWS infrastructure ✓ Terraform — infrastructure as code
- 71. modules.tf notes ✓ Available for all users: https://cloudcraft.co/ ✓ Generates potentially ready-to-use Terraform configurations ✓ Suits best for bootstrapping ✓ Enforces Terraform best practices ✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …) ✓ 100% free for all & open-source (https://github.com/antonbabenko/ modules.tf-lambda ) ✓ Want to sponsor, or a sticker? Contact me.
- 72. modules.tf demo
- 73. Thanks to my supporters!
- 74. Cloudcraft — the best way to draw AWS diagrams cloudcraft.co
- 75. Thanks! Questions? In progress — www.terraform-best-practices.com github.com/antonbabenko twitter.com/antonbabenko