Infra as Code ( IaC) — Terraform (Learning Simplified)

6 min readOct 1, 2020

Q. What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.

The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.

The key features of Terraform are:

Infrastructure as Code

Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would for any other code. Additionally, infrastructure can be shared and re-used.

Execution Plans

Terraform has a “planning” step where it generates an execution plan. The execution plan shows what Terraform will do when you call apply. This lets you avoid any surprises when Terraform manipulates infrastructure.

Resource Graph

Terraform builds a graph of all your resources, and parallelizes the creation and modification of any non-dependent resources. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into dependencies in their infrastructure.

Change Automation

Complex change sets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what Terraform will change and in what order, avoiding many possible human errors.

Declarative vs Imperative Infrastructure

Before we proceed its utmost import to understand difference between declarative vs imperative Infrastructure.

The difference between the declarative and the imperative is that the declarative must know the current state, it must know whether the infrastructure already exists to know whether to create it or not. The imperative however has no idea if the infrastructure exists. The imperative example also cannot be easily re-ran, and doesn’t include the ability to update or delete.

Terraform implies declarative method of building infra, hence compare the current state and define what need to be created.

Configuration Blocks

Resources: Resources are the most important element in the Terraform language. Each resource block describes one or more infrastructure objects, such as virtual networks, compute instances, or higher-level components such as DNS records.

resource "aws_instance" "web" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
}

Resource type “aws_instance” and local name “web” are used to refer to the resources elsewhere in same module. Scope is limited to module.

Provider: Each resource type is implemented by a provider, which is a plugin for Terraform that offers a collection of resource types. A provider usually provides resources to manage a single cloud or on-premises infrastructure platform. In order to manage resources, one need to define which provider Terraform module requires.

Variable: Variables serve as parameters for a Terraform module, allowing aspects of the module to be customized without altering the module’s own source code, and allowing modules to be shared between different configurations.

When you declare variables in the root module of your configuration, you can set their values using CLI options and environment variables. When you declare them in child modules, the calling module should pass values in the mobile block.

Variables are of three types:

Input variables are like function arguments.
Output values are like function return values.
Local values are like a function’s temporary local variables.

Module: A module is a container for multiple resources that are used together. Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.

State: Terraform must store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.

This state is stored by default in a local file named “terraform.tfstate”, but it can also be stored remotely, which works better in a team environment.

Terraform Command CLIs

Apply: The terraform apply command is used to apply the changes required to reach the desired state of the configuration, or the pre-determined set of actions generated by a terraform plan execution plan.

Destroy: The terraform destroy command is used to destroy the Terraform-managed infrastructure.

fmt: The terraform fmt command is used to rewrite Terraform configuration files to a canonical format and style. This command applies a subset of the Terraform language style conventions, along with other minor adjustments for readability.

init: The terraform init command is used to initialize a working directory containing Terraform configuration files. This is the first command that should be run after writing a new Terraform configuration or cloning an existing one from version control. It is safe to run this command multiple times.

Example:

One need to create Bigquery Dataset and table in Google Cloud Project using Terraform.

While writing Declarative one need to provide provider information for terraform to invoke relevant libraries for building infrastructure

For representation purpose I have created main.tf file having information of project and module. Here access token/credentials could be used to connect to GCP. I have used access token which remain valid for 1 hour. For production purpose hence its recommended to use JSON file credentials.

When terraform init command is executed, it will use provider information to setup neccessary information.

Once terraform is initialised, one shall move to terraform plan. command will execute and create plan for how resources will be traversed and created. Below is one such file for creating bigquery dataset and table.

Once the plan is successful, one can observe “+” resource to be added and “-” resource to be removed in plan. The plan depict on how resources will be created on applying.

Next step is to apply the configuration on GCP project. For same one has to use terraform apply command. On execution dataset and table will be created in bigquery