Terraform

Terraform is an open-source Infrastructure as Code (IaC) tool created by HashiCorp that lets you define cloud and infrastructure resources using declarative configuration files.
Author

Benedict Thekkel

🧠 Core Concepts

1๏ธโƒฃ Infrastructure as Code (IaC)

You define infrastructure in HCL (HashiCorp Configuration Language):

provider "aws" {
  region = "ap-southeast-2"
}

resource "aws_instance" "web" {
  ami           = "ami-123456"
  instance_type = "t3.micro"
}

Then run:

terraform init
terraform plan
terraform apply

2๏ธโƒฃ Declarative Model

You describe what you want, not how to build it.

Terraform:

  • Builds a dependency graph
  • Determines the order of operations
  • Calculates the diff between desired and current state
  • Applies only the minimal set of changes

3๏ธโƒฃ Providers

Providers connect Terraform to platforms:

Category    Examples
Cloud       AWS, Azure, GCP, OCI
Containers  Kubernetes, Docker
SaaS        GitHub, Cloudflare
On-prem     VMware, Proxmox
Databases   PostgreSQL, MongoDB

👉 Yes, Terraform works with AWS, Oracle Cloud, Proxmox, etc.


4๏ธโƒฃ State File (Very Important)

Terraform tracks infrastructure in a state file (terraform.tfstate).

It stores:

  • Resource IDs
  • Metadata
  • Dependency graph

Why state matters:

  • Enables diffing
  • Prevents recreation
  • Tracks drift

Best practice:

Use remote backend:

Backend          Use case
S3 + DynamoDB    AWS teams
Azure Blob       Azure
GCS              GCP
Terraform Cloud  Managed

๐Ÿ— Terraform Workflow

Write config → Init → Plan → Apply → Destroy

Commands Explained

Command   What it does
init      Downloads providers
plan      Shows execution plan
apply     Executes changes
destroy   Deletes infrastructure
validate  Syntax check
fmt       Format code
state     Inspect state

🔄 How Terraform Works Internally

  1. Parses HCL
  2. Builds dependency graph
  3. Compares desired vs actual state
  4. Calls provider APIs
  5. Updates state

🧩 Modules (Reusability)

Modules are reusable infrastructure packages.

Example:

module "vpc" {
  source = "./modules/vpc"
  cidr   = "10.0.0.0/16"
}

You can publish modules in:

  • Terraform Registry
  • Private Git repos

📦 Variables & Outputs

Variables

variable "instance_type" {
  default = "t3.micro"
}

Outputs

output "public_ip" {
  value = aws_instance.web.public_ip
}

🌍 Multi-Cloud Architecture

Terraform supports:

Cloud    Supported
AWS      ✅
Azure    ✅
GCP      ✅
OCI      ✅
Alibaba  ✅

You can define multiple providers in one config.


🔐 Security Best Practices

  • Never commit .tfstate
  • Use remote encrypted backend
  • Use IAM roles (not static keys)
  • Use workspaces for environments
  • Restrict state access
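Why the state file and "never commit .tfstate" matter in practice: the state holds every attribute a provider returned, credentials included, in clear text. The following is an added example (not code from the original post) that scans a hand-constructed terraform.tfstate, shaped like Terraform's JSON state format version 4, for secrets held in plain text; the credential-name regex is an assumed heuristic.

```python
# Added example (not from the original post): find secrets stored in plain text
# in a terraform.tfstate. Terraform records which attributes a provider marked
# sensitive but still writes their values unencrypted; only an encrypted,
# access-restricted backend protects them at rest.
import json
import re

# Attribute/output names that usually hold credentials (assumed heuristic).
SENSITIVE_NAME = re.compile(r"password|secret|token|private_key", re.IGNORECASE)

# Constructed state document, following the shape of state format version 4.
CONSTRUCTED_STATE = json.dumps({
    "version": 4,
    "outputs": {
        "db_password": {"value": "hunter2", "type": "string", "sensitive": True},
    },
    "resources": [
        {"mode": "managed", "type": "aws_db_instance", "name": "db",
         "instances": [{
             "attributes": {"identifier": "app-db", "username": "admin",
                            "password": "hunter2"},
             "sensitive_attributes": [[{"type": "get_attr", "value": "password"}]],
         }]},
        {"mode": "managed", "type": "aws_instance", "name": "web",
         "instances": [{"attributes": {"ami": "ami-123456", "public_ip": "203.0.113.10"}}]},
    ],
})


def find_plaintext_secrets(state_json: str) -> list[str]:
    """Return addresses of state values that are secrets in plain text: anything
    the provider marked sensitive (sensitive_attributes paths) or whose name
    looks like a credential."""
    state = json.loads(state_json)
    hits = []
    for name, out in state.get("outputs", {}).items():
        if out.get("sensitive") or SENSITIVE_NAME.search(name):
            hits.append(f"output.{name}")
    for res in state.get("resources", []):
        addr = f"{res['type']}.{res['name']}"
        for inst in res.get("instances", []):
            marked = {path[-1]["value"] for path in inst.get("sensitive_attributes", [])}
            for attr, value in inst.get("attributes", {}).items():
                if value and (attr in marked or SENSITIVE_NAME.search(attr)):
                    hits.append(f"{addr}.{attr}")
    return hits


if __name__ == "__main__":
    for hit in find_plaintext_secrets(CONSTRUCTED_STATE):
        print("plaintext secret in state:", hit)
```

Running it against a real state pulled with `terraform state pull` shows exactly which values a leaked or committed state file would expose.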

🧪 Workspaces (Environments)

terraform workspace new prod
terraform workspace select dev

Enables:

  • dev
  • staging
  • production

⚙ Advanced Features

1๏ธโƒฃ Data Sources

Read existing infrastructure:

data "aws_vpc" "default" {
  default = true
}

2๏ธโƒฃ Lifecycle Rules

resource "aws_instance" "web" {
  # ... ami, instance_type ...

  # lifecycle must be nested inside the resource it protects;
  # prevent_destroy makes plan/apply fail instead of deleting it
  lifecycle {
    prevent_destroy = true
  }
}

3๏ธโƒฃ Count & For_each

Create multiple resources:

resource "aws_instance" "web" {
  count         = 3            # creates aws_instance.web[0..2]
  ami           = "ami-123456"
  instance_type = "t3.micro"
}

4๏ธโƒฃ Provisioners (Use Carefully)

Run scripts after creation:

provisioner "remote-exec" {}

⚠️ Not recommended for complex configuration; use Ansible instead.


🚀 Terraform vs Other Tools

Tool            Type                     Declarative?       Language
Terraform       IaC                      Yes                HCL
Pulumi          IaC                      Yes                Python/TS/Go
CloudFormation  IaC (AWS only)           Yes                YAML
Ansible         Config management        Mostly procedural  YAML
Kubernetes      Container orchestration  Declarative        YAML

🔄 Terraform vs Kubernetes

Terraform                  Kubernetes
Provisions infrastructure  Orchestrates containers
Creates clusters           Runs workloads
Cloud agnostic             Cluster specific

They often work together.


📉 Common Problems

1๏ธโƒฃ State Corruption

Fix with:

terraform state rm
terraform import

2๏ธโƒฃ Drift

Use:

terraform plan

3๏ธโƒฃ Large Teams

Use:

  • Remote backend
  • Locking
  • CI/CD

๐Ÿข Terraform Cloud & Enterprise

Terraform Cloud provides:

  • Remote runs
  • State storage
  • Policy as code (Sentinel)
  • Team management

🔥 Production Best Practices

Structure

infrastructure/
  modules/
  envs/
    dev/
    prod/

CI/CD

  • Run plan in PR
  • Require approval
  • Auto apply on merge
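One way to implement the "plan in PR, require approval, auto apply on merge" gate, and the drift check from the Common Problems section, as an added example that is not code from the original post: the pipeline runs `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, and this script reads that JSON. It blocks unattended apply whenever a resource would be destroyed or replaced. The plan document is constructed by hand but follows the shape of Terraform's JSON plan output (`resource_changes` entries with an `actions` list).

```python
# Added example (not from the original post): CI gate over the JSON form of a
# Terraform plan. Additive or in-place changes may auto-apply on merge; any
# destroy or replace needs a human approval. Run on a schedule against an
# unchanged branch, a non-empty change list is drift.
import json

# Constructed plan, shaped like `terraform show -json tfplan` output.
CONSTRUCTED_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_instance.web[0]", "type": "aws_instance",
         "change": {"actions": ["update"]}},
        # ["delete", "create"] is how Terraform expresses a replacement
        {"address": "aws_db_instance.db", "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_security_group.allow_ssh", "type": "aws_security_group",
         "change": {"actions": ["create"]}},
    ],
})


def review_plan(plan_json: str) -> dict:
    """Classify every planned change and decide whether CI may apply unattended."""
    plan = json.loads(plan_json)
    summary = {"create": [], "update": [], "destroy": [], "replace": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        addr = rc["address"]
        if "delete" in actions and "create" in actions:
            summary["replace"].append(addr)
        elif "delete" in actions:
            summary["destroy"].append(addr)
        elif "create" in actions:
            summary["create"].append(addr)
        elif "update" in actions:
            summary["update"].append(addr)
        # ["no-op"] and ["read"] change nothing and are ignored
    # Any entry here on a scheduled run of an unchanged branch means drift.
    summary["has_changes"] = any(summary[k] for k in ("create", "update", "destroy", "replace"))
    # Only additive or in-place changes may be applied without a human approval.
    summary["auto_apply"] = not (summary["destroy"] or summary["replace"])
    return summary


if __name__ == "__main__":
    result = review_plan(CONSTRUCTED_PLAN)
    print("replace:", result["replace"], "destroy:", result["destroy"])
    print("auto apply allowed:", result["auto_apply"])
```

Resources that must never be deleted should additionally carry `prevent_destroy`, which makes the plan itself fail; this gate catches destructive changes to everything else.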

Version Pinning

terraform {
  required_version = ">= 1.5"

  # required_providers lives inside the terraform block; source is required
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

📊 When NOT To Use Terraform

  • Short-lived experiments
  • Very dynamic runtime infra
  • Fine-grained config management

🧠 Advanced Patterns

  • Blue/Green infra
  • Multi-region failover
  • Immutable infrastructure
  • Policy as Code
  • GitOps workflows

๐Ÿ— Example: AWS VPC + EC2 + RDS

Terraform can build:

VPC
 ├─ Public Subnet
 ├─ Private Subnet
 ├─ EC2 Instance
 └─ RDS Database

All reproducible with a single apply.


🔮 Future of Terraform

  • Increased policy automation
  • OpenTofu (community fork)
  • More cloud-neutral infra design
  • AI-generated infrastructure configs

🧭 If You're Running Proxmox

Terraform has:

  • Proxmox provider
  • VMware provider
  • Kubernetes provider

So yes, you can manage:

  • VMs
  • Containers
  • Networks

🏁 Summary

Terraform is best when:

  • You want reproducible infrastructure
  • You manage multiple environments
  • You need version-controlled infra
  • You want multi-cloud flexibility

It is less suited for:

  • App runtime orchestration
  • Fine config management
  • One-off manual setups

If you want, I can next give:

  • 🔥 Real production folder structure example
  • 🧠 Terraform for Proxmox homelab guide
  • ☁ Terraform for AWS startup SaaS
  • 🔐 Terraform security deep dive
  • 🚀 Terraform vs Pulumi vs OpenTofu

Just tell me what direction you want.
