Terraform Best Practices - DevOps Unicorns 2019


  1. 1. Terraform Best Practices Anton Babenko @antonbabenko October 2019
  2. 2. Anton Babenko AWS Community Hero / Certified Terraform fanatic since 2015 Organiser of HashiCorp UG, AWS UG, DevOps Norway, DevOpsDays Oslo I 💚 open-source: terraform-community-modules + terraform-aws-modules antonbabenko/pre-commit-terraform — clean code and documentation antonbabenko/tfvars-annotations — update terraform.tfvars using annotations antonbabenko/modules.tf-lambda — generate Terraform code from visual diagrams antonbabenko/terragrunt-reference-architecture — Terragrunt reference architecture www.terraform-best-practices.com medium.com/@anton.babenko @antonbabenko — Twitter, GitHub, LinkedIn
  3. 3. What do I do? All-things Terraform + AWS + DevOps Consulting Workshops Trainings Mentorship My interview: https://medium.com/@anton.babenko/my-terraform-aws-journey-hashitimes-interview-73d1b542fcc0 My email: anton@antonbabenko.com LinkedIn: https://www.linkedin.com/in/antonbabenko
  4. 4. Collection of open-source Terraform AWS modules supported by the community. More than 5 mil. downloads since September 2017. (VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…) github.com/terraform-aws-modules registry.terraform.io/modules/terraform-aws-modules @antonbabenko
  5. 5. Cloudcraft.co — the best way to draw AWS diagrams @antonbabenko
  6. 6. cloudcraft.co features • Manage components in browser (EC2 instances, autoscaling groups, RDS, etc) • Connect components • Import live AWS infrastructure • Calculate the budget • Share link to a blueprint • Export as image • Embed drawing to wiki, Confluence, etc @antonbabenko
  7. 7. Infrastructure as code makes DevOps possible Key benefits: • Treat infrastructure like application code • Always know what changed • Validate infrastructure before deployment https://dzone.com/articles/infrastructure-as-code-the-benefits @antonbabenko
  8. 8. Tool for building, changing and versioning infrastructure safely and efficiently. www.terraform.io @antonbabenko
  9. 9. Terraform 0.12 @antonbabenko
  10. 10. @antonbabenko
  11. 11. @antonbabenko
  12. 12. @antonbabenko
  13. 13. Configuration Management Tools Google Cloud Deployment Manager Azure Resource Manager @antonbabenko
  14. 14. Configuration Management Tools + more than 250 providers @antonbabenko
  15. 15. Why Terraform and not AWS CloudFormation, Azure ARM, Google Cloud Deployment Manager? • Terraform supports 250+ providers, has easier syntax (HCL), has native support for modules and remote states, has teamwork related features, is an open-source project • Provides a high-level abstraction of infrastructure, unifies the view of resources • Supports the modern datacenter (IaaS, PaaS, SaaS) • Separates planning from execution (dry-run) • Provides a workflow which is technology agnostic • Manages anything with an API @antonbabenko
  16. 16. Terraform — universal tool for everything with an API Google G Suite Dropbox files and access New Relic metrics Datadog users and metrics Jira issues Minecraft, or even order Domino’s pizza All Terraform providers — https://www.terraform.io/docs/providers/index.html @antonbabenko
  17. 17. Terraform 0.12 HCL2 — simplified syntax Loops ("for") Dynamic blocks ("for_each") Correct conditional operators (… ? … : …) Extended types of variables Templates in values Links between resources are supported (depends_on everywhere) Read more — https://www.hashicorp.com/blog/announcing-terraform-0-1-2-beta @antonbabenko
  18. 18. Let’s start! @antonbabenko
  19. 19. "Let’s manage AWS network stack" @antonbabenko
  20. 20. @antonbabenko
  21. 21. @antonbabenko
  22. 22. @antonbabenko
  23. 23. @antonbabenko
  24. 24. @antonbabenko
  25. 25. main.tf: 10-20 Kb 300+ LOC @antonbabenko
  26. 26. Emerging issues Code size is increasing Dependencies between resources become complicated @antonbabenko
  27. 27. Terraform modules @antonbabenko
  28. 28. – What is a Terraform module? “Modules in Terraform are self-contained packages of Terraform configurations that are managed as a group.” @antonbabenko
  29. 29. Types of Terraform modules • Resource modules (github.com/terraform-aws-modules, for example) • Infrastructure modules @antonbabenko
  30. 30. Resource modules Create resources in a very flexible configuration Open-source @antonbabenko
  31. 31. Resource modules @antonbabenko
  32. 32. Resource modules @antonbabenko
  33. 33. Resource modules @antonbabenko
  34. 34. Resource modules @antonbabenko
  35. 35. Would you use a Terraform module to manage an AWS EC2 security group? @antonbabenko
  36. 36. @antonbabenko
  37. 37. Would you use a Terraform module to manage an AWS EC2 security group? Yes :) @antonbabenko
  38. 38. Infrastructure modules Also known as "curated modules" and "company-wide modules" Consist of resource modules Enforce tags and company standards In 0.11 — use preprocessors, jsonnet, cookiecutter In 0.12 — may implement complex logic (conditions, loops, nested blocks) @antonbabenko
  39. 39. Infrastructure modules @antonbabenko
  40. 40. Infrastructure modules @antonbabenko
  41. 41. Infrastructure modules @antonbabenko
  42. 42. @antonbabenko
  43. 43. Terraform modules: do and don’t @antonbabenko
  44. 44. Terraform Registry Check registry.terraform.io before writing any Terraform modules @antonbabenko
  45. 45. Very Frequent Problem: Terraform modules can’t be re-used, because they are very specific @antonbabenko
  46. 46. Providers in modules — evil Exception: logical providers (template, random, local, http, external) @antonbabenko
  47. 47. @antonbabenko
  48. 48. Provisioner — evil Avoid provisioner in all resources @antonbabenko
  49. 49. Provisioner — evil Avoid provisioner in all resources @antonbabenko
  50. 50. Provisioner — evil Avoid provisioner even in EC2 resources @antonbabenko
  51. 51. Provisioner — evil Avoid provisioner even in EC2 resources @antonbabenko
  52. 52. @antonbabenko
  53. 53. @antonbabenko
  54. 54. null_resource provisioner — good @antonbabenko
  55. 55. Traits of good Terraform modules Documentation and examples Feature rich Sane defaults Clean code Tests Read more: http://bit.ly/common-traits-in-terraform-modules @antonbabenko
  56. 56. Are Terraform modules enough? @antonbabenko
  57. 57. No, a Terraform module is the beginning. @antonbabenko
  58. 58. - [x] Terraform modules - [ ] How to structure Terraform configurations? - [ ] Terraform workspaces - [ ] Terraform 0.12 @antonbabenko
  59. 59. How to structure Terraform configurations? How to call them? @antonbabenko
  60. 60. Call Terraform modules • Use Terraform modules, because the amount of resources and code is increasing • How to organize Terraform configurations and invoke them? • How to orchestrate modules? @antonbabenko
  61. 61. All-in-one Good: • Declare variables and outputs in fewer places Bad: • Large blast radius • Everything is blocked at once • Impossible to specify dependencies between modules (depends_on) @antonbabenko
  62. 62. 1-in-1 Good: • Smaller blast radius • Possible to join invocation • Easier and faster to work with Bad: • Declare variables and outputs in more places @antonbabenko
  63. 63. Which way do you group your code? All-in-one or 1-in-1? @antonbabenko
  64. 64. All-in-one or 1-in-1 @antonbabenko
  65. 65. Correct MFA (Most Frequent Answer): Somewhere in between @antonbabenko
  66. 66. All-in-one: • Undefined project scope • Fast prototyping and initial development phase • Small number of resources & developers • Tightly connected resources 1-in-1: • Defined project scope • Different types of developers can be involved • Code reuse is encouraged (across organization and environments) • Use Terragrunt @antonbabenko
  67. 67. What about Terraform workspaces? @antonbabenko
  68. 68. – What is a Terraform workspace? “Workspaces allow the use of multiple states with a single configuration directory.” @antonbabenko
  69. 69. Problems with Terraform workspaces Terraform workspaces aren’t infrastructure-as-code friendly. You can’t answer straight from the code: • "How many workspaces do you have?" • "What infrastructure has been deployed in workspaceX?" • "What is the difference between workspaceX and workspaceY?" They introduce complexity in almost all cases. @antonbabenko
  70. 70. Solution — use re-usable modules instead of workspaces @antonbabenko
  71. 71. Summary - [x] Terraform modules - Yes, must-have! - [x] How to structure Terraform configurations? - [x] One-in-one + terragrunt - [x] Terraform workspaces - No, please! - [x] More directories are easier to work with - [ ] Terraform 0.12 - How should it help us? @antonbabenko
  72. 72. Terraform 0.12 What does it mean for us? @antonbabenko
  73. 73. Who are you? Terraform users vs developers @antonbabenko
  74. 74. Types of Terraform users Terraform developers Terraform users (everyone else) @antonbabenko
  75. 75. Terraform developers Write and support Terraform modules Implement company’s standards (security, encryption, integrations) Maintain reference architectures @antonbabenko
  76. 76. Terraform users (everyone) Use Terraform modules by specifying correct values Domain experts May not have "Terraform" in LinkedIn profile @antonbabenko
  77. 77. Terraform 0.12 for developers DevOps & Terraform developers: allows them to implement flexible/dynamic/reusable Terraform modules @antonbabenko
  78. 78. Terraform 0.12 for users Terraform users: like the lightweight HCL2 syntax more @antonbabenko
  79. 79. Summary - [x] Terraform 0.12 - Awesome! - [x] 90% of benefits for Terraform developers - [x] 10% of benefits for Terraform users @antonbabenko
  80. 80. Thanks! Questions? github.com/antonbabenko twitter.com/antonbabenko
