Hashicorp Terraform
Automation DevOps

Intro to Hashicorp’s Terraform

By Omer Hamerman
Principal DevOps Engineer
Read More >

Terraform is Hashicorp’s open-source infrastructure-as-code solution. It manages computing infrastructure lifecycles using declarative, human-readable configuration files, enabling DevOps teams to version, share, and reuse resource configurations. This allows teams to conveniently commit the configuration files to version-control tools for safe and efficient collaboration across departments. 

Terraform leverages plugins, also called providers, to connect with other cloud providers, external APIs, or SaaS providers. Providers help standardize, provision, and manage the infrastructure deployment workflow by defining individual units of infrastructure as resources.

Terraform Features

Declarative Configurations via Hashicorp Configuration Language (HCL)

The syntax of Terraform modules is built with the Hashicorp Configuration Language (HCL), which is both human-readable and machine-friendly. The low-level configuration markup enables developers to define dependencies between resources and create numerous similar resources using a single block.

Supports Local and Remote Execution Modes

By default, Terraform supports the “Remote” execution mode, where Terraform agents run on disposable virtual servers in Terraform Cloud. Developers can utilize Terraform Cloud Agents on private cloud platforms and on-premises environments for isolated remote execution. Organizations can also disable remote execution by switching to “Local” execution mode, allowing developers to execute Terraform runs locally.

Default Version Control Integration

Organizations can link Terraform Cloud workspaces to a version control system (VCS) repository containing the Terraform workspace configuration. Using the settings page in the workspace, teams can customize VCS settings like the VCS repositories/branches to be used, specific directories in the repositories that would trigger Terraform runs, etc. Terraform Cloud Agents watch the repository/directory for changes and trigger runs with new configuration files from the repository/directory whenever new changes are committed.

Private Registry

Teams can build internal private registries containing public or custom providers and modules, fostering safe collaboration within the organization. A private registry can seamlessly import modules from private VCS repositories and even facilitate versioning of the modules, thus streamlining the software release cycle. Additionally, the platform supports Sentinel policies to govern the usage of modules from private registries. 

Ships with a Full API

Terraform Cloud’s publicly available APIs grant you access to Terraform Cloud features. Teams can use these APIs to configure other tools and services to perform Terraform operations like:

  • Uploading configurations
  • Configuring Terraform workspaces
  • Initiating deployment runs

Terraform Pros

Vendor-Neutral

While it was developed by HashiCorp, Terraform works seamlessly with infrastructure on all public/private cloud platforms and on-premises infrastructure. Although the same code cannot be used across different platforms, Terraform offers an easier migration of its declarative language and underlying configuration. This cloud-agnostic feature makes it a perfect choice for hybrid/multi-cloud deployments.

Planning with Local CLI

Terraform can be run from a local CLI with a list of useful subcommands to support various stages of a workflow. One of them is the plan subcommand, which helps with speculative planning and the identification of changes required by the current configuration. Using the local CLI, you can also locally preview changes that Terraform plans to deploy on your infrastructure while comparing it with the current configuration state.  

Open Source

Terraform is free for use by any individual or enterprise and embraces a plugin-based architecture that can be easily extended by teams for custom use cases. Being open-source, Terraform benefits from contributions by developers and enthusiasts all over the world. As a result, it is easier to find a service provider, module, or other integration plugins that are readily available and suitable for various use cases.

Easy to Use Uniform, Strong IaC Syntax

The HashiCorp Configuration Language (HCL) is interoperable with JSON and is human-readable and less verbose. The language additionally maintains a uniform syntax, making it both machine- and human-friendly. As a common configuration language, HCL forms an interoperability layer between IaC teams and infrastructure platforms and can be used across a wide range of infrastructure configuration use cases.

Simple Configuration Optimization with Dependency Graphs

Terraform ships with a resource graph functionality to provide a visual representation of your execution plan or infrastructure configuration. Terraform outputs this information in the DOT graph description language, which you can export to visualization tools such as Graphviz to exhibit dependencies and integrations between resources. 

Helpful Documentation

Terraform includes comprehensive, easy-to-interpret documentation with a multitude of examples demonstrating various IaC use cases. Terraform Cloud also provides a public registry with thousands of providers and modules along with documentation that can be customized for most infrastructure provisioning scenarios.

Terraform Cons

The limitations of Terraform come down to two factors:

  • Even though HCL is considered an easy-to-use declarative language, it requires a basic learning curve for implementation. 
  • Its security and state management features are only available in its enterprise plans.

Final Words

Despite the challenges listed above, Terraform continues to be a favorite of many DevOps engineers due to the fact that it is open source, vendor neutral, and flexible in nature. Hashicorp is a trusted name in the open source ecosystem, making Terraform an extremely well-respected and popular tool for those who prefer to work with open source technologies.

If you’re looking for an IaC alternative, check our article introducing AWS CloudFormation and stay tuned for our side-by-side comparison of Terraform and CloudFormation.

Related Articles

Tags

AutomationDevOps