fbpx
1-888-310-4540 (main) / 1-888-707-6150 (support) info@spkaa.com
Select Page

Infrastructure as Code with Terraform

Infrastructure as Code with Terraform featured image

Published in...AWS, Azure, Cloud, DevOps

Published by Mike Solinap
on January 12, 2023

Before we begin to talk in detail about this topic, we should clarify some definitions first.  The first term comes from the DevOps movement where IT Operations staff use the concept of revision history/version control by using the concept of infrastructure as code.  Infrastructure as code (IaC) is a practice in which infrastructure is defined and managed using configuration files and automation tools, rather than being manually configured and maintained. This allows organizations to automate the provisioning and management of infrastructure resources, such as servers, networks, and storage systems, in a safe, predictable, and efficient manner.

Using IaC allows technology groups to manage their infrastructure in a similar way to how they manage their application code, using version control systems, automated testing, and deployment pipelines. This makes it easier to manage infrastructure over time, collaborate with others on infrastructure projects, and automate the provisioning and management of infrastructure resources.

There are a variety of tools and technologies available for implementing IaC, including configuration management tools, orchestration tools, and infrastructure as a service (IaaS) platforms. These tools allow users to define their infrastructure in a configuration file, and then use that configuration to create and manage resources on various cloud platforms and other infrastructure providers.  But for now, let’s get into the specifics of Terraform.

What is Terraform?

Terraform is an open-source infrastructure as code (IaC) tool that is used to define and deploy infrastructure resources in a safe, predictable, and efficient manner. It allows users to define their infrastructure in a configuration file, and then use that configuration to create and manage resources on various cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

Terraform is designed to be a flexible and powerful tool for managing infrastructure, and is widely used by organizations of all sizes to automate the provisioning and management of infrastructure resources. Some of the main reasons why people use Terraform include the following.

Easy to Use

Terraform uses a simple configuration language and a declarative syntax, which makes it easy to understand and use, even for people with little or no programming experience.

Scalable

Terraform allows users to define their infrastructure in a configuration file, which can be version-controlled and shared with others. This makes it easier to manage infrastructure over time and collaborate with others on infrastructure projects.  Using Terraform will enable new hires or experienced IT staff to be able to quickly and easily use your systems and keep the same benefits of a small team.

Cross-platform Support

Terraform supports a wide range of cloud platforms and other infrastructure providers, which makes it a versatile tool for managing infrastructure across different environments.

Efficient Resource Management

Terraform has built-in support for resource dependencies, which allows it to create resources in the correct order and avoid unnecessary resource creation and destruction. This helps to reduce the risk of errors and improve the efficiency of resource management.

Current Struggles Managing Infrastructure

As infrastructure usage increases, companies have problems keeping up.  It’s a natural concern with companies and technology growth.  Those areas include…

        • The ability to reuse infrastructure or systems to implement a stable and consistent environment
        • The issues that arise from Change Management – When can we implement the new change?  When is the next maintenance window?  What changes to the system are critical vs. moderate?  Who must be notified if successful?  Who must be notified if the change was not applied?  What compliance documentation needs to be completed?
        • Because of the complexities, it is difficult for developers to incorporate changes in the infrastructure.  Whether it be due to security or lack of knowledge, developers and IT operations personnel won’t operate the same way.
        • Because of the intricacies of different platforms, there are very few experts on everything, which dilutes the knowledge of the teams involved.
        • When managing infrastructure, there are times where changes will be applied.  If you have ever had to be in the data center at 3am to make a planned change only to find that it failed and you must revert to a previous stage or restore a previous backup, you know how frustrating it can be.
        • Security!

Let’s break down each of those areas.

Repeatability & Reuse

One of the main reasons it’s beneficial to use Terraform is to clone the development and QA environments.  No knowledge worker likes to do the same work over and over again.  The right idea is to not reinvent the wheel.  The right idea is to utilize the ability to clone what you need from other environments, configure which geographic AWS or Azure regions needed and build an environment which will allow you to easily and quickly have an environment for testing.  The ability to configure this in Terraform will allow you to quickly destroy and rebuild without extra effort.

Change Management

Without IaC, any changes are descriptive, which means show me how to do what is needed.  When we provide guidance to individuals on our teams, we can get different outcomes.  Those different outcomes can create configuration nightmares.  By utilizing IaC, we get consistency with our changes.  When we use Terraform for IaC, the environment could be controlled by version control like Git, so quick restore becomes possible.  If you have conversations with IT operations members that have been working for more than 20 years, you’ll learn that this is a HUGE improvement from the way we used to do change management.

Intricacies of Different Platforms

When using different Cloud Platform comes different APIs and CLI (command line interfaces).  This means that there are different knowledge sets needed to operate in one environment or another.  This is also complicated by Network Switching Configurations where you have to go to each device and use the CLI to do something.  While we don’t want to make this article about cloud-only solutions, by introducing different server hardware management interfaces to the scenario, you add vendor-dependent commands to the configurations as well, which can complicate things.  By utilizing IaC, you can best manage and compartmentalize these situations to modularly upgrade/change them as needed.  There are also OS considerations, which can best be managed by an IaC approach.

No Developer Integration But We Had a System

Because applications need developers and infrastructure, it’s inevitable that there will be requests from developers to do things on your infrastructure.  In one instance, we had a developer who wanted to whitelist an IP address to the database.  This was handled very simply by asking the developer to submit a request to the ticketing system (Jira Service Management).  The ticket was triaged and assigned to the database team for the work involved because someone saw “database” in the ticket.  The ticket was then reassigned to the Network Team because the request revolved around the network address and not necessarily the database access.  The Network Team added a firewall rule, which solved the issue for that developer.  By utilizing the system, the proper action happened even though the ticket had to be re-routed.  Having an easy ITSM system in place made a huge difference for how long this request took vs. how long it could have taken.

Audit and Cleanup

When working with IaC, there are certain things that need to be trued up at the end of a project, such as documentation, auditing, and cleanup.  Things like “how can changes be logged/audited?” or “how many interfaces or entry points are there?” are questions that should be asked by members of the IT Ops or DevSecOps teams.  Also, each Cloud Platform is billed by resources being used.  Thus, it is important to clean up your space before completing a project to ensure you don’t have wasted resources that are spending money for no reason.  Also, these resources could also be costing you serious money so be sure to clean up your environment when completing a project.

How Infrastructure as Code With Terraform Solves These Issues

The terms imperative and declarative come up frequently in IAC discussions. Both terms refer to how the user provides direction to the automation platform. With an imperative tool, you define the steps needed in order to get the desired outcome. With a declarative tool, you define the desired state of the final solution, and the automation platform determines how to achieve that state.

Declarative Language

In the context of infrastructure as code (IaC), a declarative language is a programming language that is used to specify the desired state of a system, rather than describing the steps required to achieve that state. This means that when you use declarative language to define your infrastructure, you are telling the system what you want it to look like, rather than how you want it to get there.

Declarative languages are often used in IaC because they allow you to specify the desired end state of your infrastructure in a clear and concise way, and then leave it up to the system to figure out how to achieve that state. This can make it easier to manage and maintain your infrastructure, as you don’t have to worry about the specific steps required to implement changes.

Terraform is an example of Declarative luggage, which is opposed to building steps such that you get from a docker file.

Code Stored in Cloud

 

The great thing about IaC is that your code can be stored in git repos, such as Github, Bitbucket, or Gitlab.  This will take care of version control and allow you to deploy your code to the Cloud, from the Cloud.

In the past year or so, SPK has converted many environments to fully IaC-maintained environments.  For example, we have one client that has a total of 8 environments in use.  Of those, 5 environments were FULLY generated and maintained by code.

Conclusion

The above items are examples of great starting points for your use of Terraform as your IaC platform.  But implementing it can be difficult.  SPK’s team of experts does this on a daily basis for our clients.  You can speak with SPK experts by using our contact form here.

Latest White Papers

Related Resources

Cloud Security: The Shared Responsibilty Model Explained

Cloud Security: The Shared Responsibilty Model Explained

Transformative tech trends like the internet of things (IoT), artificial intelligence (AI), virtual reality (VR) and dispersed workforces have increased cloud adoption. Why? Because it provides the ability for agility, productivity, and scalability like no other...

AWS re:Invent 2022: Everything You Need To Know

AWS re:Invent 2022: Everything You Need To Know

Miss out on AWS re:Invent 2022? Or, just looking for a recap on the latest AWS updates and releases from the event? Check out the summary below. What is AWS re:Invent? AWS re:Invent is an annual conference hosted by Amazon Web Services (AWS) for developers, customers,...

Solving for the “Islands of Jenkins”

Solving for the “Islands of Jenkins”

In October 2022, I wrote a blog post entitled “Scaling Jenkins for the Enterprise”.  Within it, I described the “Islands of Jenkins” problem organizations face. Essentially, this problem stems from companies using an open-source Jenkins installation for each team, but...