A small workshop on common problems and pitfalls when managing infrastructure as code (IaC) with Terraform, and when managing Terraform itself.
Folder 01_hello_world
Contains a simple example of a Terraform module/project.
Folder 02_providers
Demonstrates how to use Terraform providers chained together.
Folder 03_backend
Keep the state somewhere safe! And use locks if concurrent changes are possible.
Folder 04_functions
Folder 05_modules
Folder 06_workspaces
Make sure you are comfortable with your strategy for adopting new versions.
Be mindful of the providers and modules you are using and how their maintainers publish their versions.
- New patch versions might cause changes in your infrastructure
- Not updating often will make it very painful to update when you really need to
Can lead to:
- Code that works when adding things, but not when creating from scratch, updating modules or destroying the whole thing
- Cyclic dependencies
Explicit vs implicit dependencies
e.g. AWS IAM propagation
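The state-locking, version-pinning and explicit-dependency points above in one root module, as an added example that is not one of the workshop folders: the bucket, DynamoDB table, role and function names and the function.zip artifact are placeholders, and the AWS region is assumed to come from the environment.

```hcl
# Added example, not one of the workshop folders; bucket, table, role and function names are placeholders.
terraform {
  # Pin CLI and provider majors so a new release cannot silently change the plan.
  required_version = "~> 1.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # any 5.x, never 6.0
    }
  }

  # Remote state plus a DynamoDB lock: a concurrent apply gets a lock error
  # instead of corrupting the state file.
  backend "s3" {
    bucket         = "example-tfstate-bucket" # placeholder
    key            = "workshop/lambda/terraform.tfstate"
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "example-tfstate-locks" # placeholder
  }
}

resource "aws_iam_role" "lambda" {
  name = "example-lambda-role" # placeholder
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "logs" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_lambda_function" "fn" {
  function_name = "example-fn" # placeholder
  role          = aws_iam_role.lambda.arn # implicit dependency: the role only
  runtime       = "python3.12"
  handler       = "index.handler"
  filename      = "function.zip" # placeholder artifact
  # Nothing here references the attachment, so Terraform would not wait for it.
  depends_on = [aws_iam_role_policy_attachment.logs]
}
```

Without the `depends_on`, Terraform may create the function before the policy is attached and the first invocations fail until IAM catches up; the same pattern applies to any resource that uses a role but does not reference its attachments.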
Sometimes provider resources, or simply the way we write code, end up changing the same cloud resource from two different projects, and each apply keeps overwriting the other.
Isolation vs being easy to find
https://github.com/antonbabenko/terragrunt-reference-architecture
Using terraform and graphviz, highlighting the cyclic dependencies in red:
terraform plan -out tfplan
terraform graph -draw-cycles -module-depth=0 -plan=tfplan | dot -Tsvg > graph-apply.svg
$ docker run --rm -it -p 9000:9000 -v "$HOME/.aws":/root/.aws -v $(pwd):/src im2nguyen/rover
If Terraform uses the AWS provider, you might want to pass your AWS credentials as environment variables or mount the .aws folder:
-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN
-v "$HOME/.aws":/root/.aws
https://hieven.github.io/terraform-visual/plan-details
pre-commit, including Terraform hooks
terraform-docs