Terraform - Infrastructure as code

We've been looking at how to effectively manage our cloud empire lately. While spinning up instances, balancers and clusters in the AWS web interface is easy, sooner or later you run into the same problem as traditional servers where you don't know how any given box is configured or why it's there. (And yes, I'm aware of change management. Mostly I have a long and tragic experience of it falling apart as developers circumvent the process because it's the only way to get things done at any pace faster than tectonic.)

Configuration-as-code has been a big help back in the regular old server space. I'll save going into too much detail, but if you use something like Puppet then your server configuration goes from being a mystery to an artifact in your source control. This is useful not only for seeing what's what, but also what changed when and - assuming you have decent check-in comments - why.

Terraform takes that to the next level. In a world where adding or removing servers is just a click away, you can get to the point where even the infrastructure itself is code. It's checked into your source control, and you know exactly what boxes, firewall rules and network configurations a particular solution relies upon.

Where Terraform really comes into its own, though, is that it's not merely a collection of scripts. It's actually a desired state tool - which means if you ask it to stand up three server instances but two already exist, it'll only create the one that's needed. This is a big step on from writing your own scripts around the AWS command-line tools; you could do this, but you'll spend an awful lot of time writing scripts to read the current state, figure out how it differs from what you want, and then apply the changes. Terraform is doing that work for you, and thus you spend a few minutes writing JSON rather than hours writing bash.
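As an added example (not code from the original post), here is what such a desired-state definition looks like for AWS: three instances behind a security group, with the firewall rules checked in alongside the boxes. The AMI id, region and admin CIDR are placeholders.

```hcl
# Added example, not from the original post: a small desired-state definition.
# Names are illustrative; the AMI id, region and admin CIDR are placeholders.
provider "aws" {
  region = "eu-west-1"
}

# Firewall rules live in source control next to the boxes they protect.
resource "aws_security_group" "web" {
  name        = "web-tier"
  description = "HTTPS from anywhere, SSH only from the admin network"

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # placeholder: your admin/bastion range
  }

  # Terraform drops AWS's implicit allow-all egress rule on a new group,
  # so any outbound access has to be declared explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Desired state: exactly three instances. If two are already recorded in
# the state, `terraform plan` shows only the one that still needs creating.
resource "aws_instance" "web" {
  count                  = 3
  ami                    = "ami-0123456789abcdef0" # placeholder AMI id
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.web.id]

  tags = {
    Name = "web-${count.index}"
  }
}
```

`terraform plan` prints the diff between this file and the recorded state before `terraform apply` touches anything, which is the step to review before every change.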

There are providers covering most of the various cloudy IaaS and PaaS services, so although most of our experience so far has been with AWS, Terraform itself isn't limited to it. While we're on the subject of AWS, Terraform is definitely worth a look if you're working with ECS and expect to ship new versions of your containers regularly, as it makes doing so trivial.