In this talk I go over how Bankrate leveraged Terraform to go from a company where infrastructure was provisioned via tickets to a team to a company where developers fully own their own infrastructure. No tickets, no paging for help, no bottlenecks - just education and enablement. Interested in hearing the talk? Please reach out!

1. Terraform:
The Road to
Self-Service

2. Ryan Boyce
- Bankrate Platform
Engineer
- Ramenhead
GitHub: github.com/majoras-masque
LinkedIn: linkedin.com/in/boyceryan/
2

3. Overview
What’re we doing here again?
3

4. Overview
➝ Burning questions
➝ Terraform basics
➝ Where we were
➝ Where we are now
➝ How did WE get here?
➝ Terraform Enterprise basics
➝ Key takeaways
➝ Questions
4

5. Burning Questions
I know someone is waiting to ask...
5

6. Burning Questions
➝ Why are using Terraform if you’re an AWS shop?
⇾ Cloud Agnostic
⇾ QoL
⇾ Project Organization and Referencing
6

7. Burning Questions
➝ What KPI’s did you measure along the way?
⇾ None officially
￫ Enabled by leadership buy-in and trust,
developer feedback
⇾ Unplanned Work (Jira)
➝ What KPI’s should I measure?
⇾ Provisioning Time
⇾ Unplanned Work
⇾ Developer Satisfaction
7

8. Terraform Basics
A map so you’re not lost tonight
8

9. Terraform Basics
➝ Workflow
⇾ Write, Init, Plan, Apply…
⇾ State file
➝ Modules
9

10. Terraform Basics
Heads up...
➝ HCL 2.0 released! (Terraform >= 0.12)
⇾ First-class expressions
￫ “${var.foo}” becomes var.foo
⇾ For-loops for iterating lists/maps
⇾ Ternary conditionals for all data types
⇾ Rich types in modules (e.g. map with mixed
value types)
⇾ Dynamic child-block generation from
maps/list
⇾ etc...
10

11. Terraform Basics
Providers
11
➝ 110 official providers, many more community
providers
⇾ Examples: AWS, Rancher, PagerDuty,
DataDog, NewRelic, Fastly, GitHub,
SignalFx, etc.
➝ Provides a set of “resources” than can be
created/managed via Terraform

12. Terraform Basics
Example
12

13. Terraform Basics
State Files
13
➝ State File
⇾ Maps resources in code to resources in
cloud
⇾ JSON Format
⇾ Can be stored locally, or remotely
￫ Store it remotely, not in VC...
- Great example:
- https://thorsten-hans.com/terraform-state-
demystified

14. Terraform Basics
State File
14

15. 15

16. Terraform Basics
Remote State
16
➝ State file can be stored in S3, Artifactory,
Terraform Cloud, etc
⇾ Can even be in custom file server with an api
in front of it
➝ Can be referenced by other projects
⇾ A lot of power here!

17. Terraform Basics
Remote State Referencing
17

18. Terraform Basics - Modules
18

19. Where we were
Stuck in the middle with you
19

20. Where we were
20
➝ New Infrastructure
⇾ Ticket System
➝ Something Breaks
⇾ In the cloud? Over the wall!
➝ Why it wasn’t sustainable
⇾ Cloud Bottleneck
⇾ All time writing TF
⇾ Cloud wasn’t evolving
￫ Content with existing modules, etc
⇾ Developers weren’t learning/growing
￫ How their app ran in the cloud
￫ How to design cloud-native

21. Where we were
Aside: Thinking Cloud-Native
21
➝ What does that even mean?
⇾ Asking the right questions:
￫ 1.) Are we rebuilding something
someone else already wrote?
￫ 2.) Are we using the best tools for the
job?
￫ 3.) Are we writing code for our laptops
or for the cloud?

22. Where we are now
Unicorns and rainbows baby*
22*Okay not quite...

23. Where we are now
23
➝ New Infrastructure
⇾ Developers write, approve, apply without our
team knowing or helping
⇾ Infra code goes right with app code
➝ Something Breaks
⇾ Developers are involved, often first
responders
➝ Developer Requests Transformed
⇾ Reactive turned Proactive

24. How did WE get here?
Our journey to self-service, your experience may vary...
24

25. How’d WE get here?
25
➝ Timeline: Creating new infrastructure
➝ Key Steps
⇾ Developer Education
⇾ Terraform Modules
⇾ Terraform Enterprise

26. How’d WE get here?
Timeline: Creating new infrastructure
26
➝ Ticket with an app name
➝ Tickets had actual details like “ASG, scales on
CPU, Postgres DB with X,Y Needs, Fastly"
➝ Pairing on infrastructure tickets
➝ Devs write, PR’s in, we fix
➝ Devs write, PR’s in, we merge/apply (longest
phase)
⇾ Opened up QA, Prod still lagging...
➝ Devs write, pair on Terraform Enterprise (TFE)
applies
➝ Devs write, devs apply

27. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
27
➝ Started monolithic: call once, creates everything
⇾ Not modular, hard to version
➝ Evolved to submodules strategy
➝ Essentials:
⇾ Plug and Play
⇾ Assumptions are defaults, not rails
⇾ Cowpath not railroad tracks
⇾ Purpose
￫ Faster than rewriting
￫ Enforcing some standards

28. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
28
➝ Pairing + Lunch & Learns
➝ Documentation, coursework, examples
➝ Peers start teaching each other
⇾ (Unicorns start appearing during this phase)

29. How’d WE get here?
Terraform Modules -> Developer Education -> Terraform Enterprise
29
➝ Gifts from the Hashicorp Gods:
⇾ Remote-state locking
⇾ Pipelines
⇾ Audit Trails
⇾ Better scoped Access
￫ AWS
￫ TFE Itself

30. Terraform Enterprise
Basics
“Enterprise”? It must be better!
30

31. Terraform Enterprise Basics
Problems to solve as you expand
31
➝ Collab (state issues)
➝ Pipelines
➝ Enforcing code standards
➝ Audit trails
➝ Keeping code consistent between environments

32. Terraform Enterprise Basics
High Level Overview
32
➝ Workspaces
⇾ Workspace vars
⇾ State files
➝ Modules
⇾ Enter: Semantic Versioning
➝ Sentinel
⇾ Policy enforcement
➝ Workflow
⇾ VCS, CLI, API driven workflows

33. Terraform Enterprise Basics
Workspaces - Enabling CI/CD, Consistency, and Collab
33

34. Terraform Enterprise Basics
Modules - Fixing versioning, updates, and consistency
34
➝ Semantic Versioning

35. Terraform Enterprise Basics
Sentinel - Fixing consistency, upholding standards
35
➝ Policy-as-Code
⇾ Examples:
￫ S3 Buckets must be private
￫ No IAM Policies that allow IAM:*
￫ Mandatory tags
￫ Pre-approved modules

36. 36

37. Terraform Enterprise Basics
Workflow - Fixing CI/CD, enabling experimentation
37
➝ VCS-Driven Workflow
➝ CLI-Driven Workflow
➝ API-Driven Workflow

38. Terraform Enterprise Basics
Workflow - VCS-Driven Workflow
38
➝ Webhook into GitHub/BitBucket
⇾ Points to folder/branch
⇾ Triggers when change happens on that
branch
➝ My 2-Cents: Terrible
⇾ Doesn’t support release-based dev
⇾ Encourages different code for QA/Prod
⇾ Hard to iterate/test

39. Terraform Enterprise Basics
Workflow - CLI-Driven Workflow
39
➝ Runs triggered from anywhere via CLI
⇾ Local laptop
⇾ CI/CD
￫ https://circleci.com/orbs/registry/orb/ba
nkrate/terraform
➝ Great for automation/pipelines
➝ Great for experimentation, local development
➝ Encourages single copy of code for QA/Prod

40. Terraform Enterprise Basics
Workflow - API-Driven Workflow
40
➝ Just don’t...

41. Key Takeaways
But that guy at the meetup told me to...
41

42. Key Takeaways
Terraform Best Practices
42
➝ Build your own vs the cost of TFE
➝ Modules should be modular
➝ Cow Path not Rail Road

43. Key Takeaways
Cultural
43
➝ Just build a platform? No.
⇾ Where are you on your journey?
⇾ Work with devs, leaders to determine end
goal
➝ Organization size and needs determine your
course
⇾ Embedded engineers
⇾ Tooling Team
⇾ Treading Water
➝ Devs need to be engaged: this is a cultural shift
⇾ Trust your devs
➝ Leaders need to be educated
⇾ Book Club: Accelerate, DevOps Handbook,
etc

44. Questions?
Q & maybe A?
44