Terraform - Up and Running: Writing Infrastructure as Code

Product Information

This book is the fastest way to get up and running with Terraform, an open source tool that allows you to define Terraform Up and Running is a great introduction and guide to becoming "able" with terraform to server provision with AWS.

Terraform has become a key player in the DevOps world for defining, launching, and managing infrastructure as code (IaC) across a variety of cloud and virtualization platforms, including AWS, Google Cloud, Azure, and more. This hands-on second edition, expanded and thoroughly updated for Terraform version 0.12 and beyond, shows you the fastest way to get up and running. I really enjoyed the whole read. Apart from Appendix A, Recommended Reading section, which includes quite good resources too, the conclusion part of each chapter summarizes the aspects mentioned in that chapter, and explains the related footnotes in the chapter. Some of those footnotes were eminently interesting, some of them I already knew.I have been using Terraform at work for a couple of weeks. The setup was created by co-workers and I wanted to dive into this book to learn a bit more about TF on top of what I've already learned via d2d work. The book does a very, very solid job of teaching you how to use terraform right and not mess with your state. However there is another approach presented on how to prevent state file concurrency issues by using a CI to apply server provisioning. Of course this is limited to good will and sanity of other team members still not running terraform apply by themselves since I am not aware of an option preventing terraform users of running apply at all. For instructions on running the code, please consult the README in each folder, and, of course, the

Terraform: Up & Running is now on its 3rd edition; all the code in master is for this edition. If you're looking The second ingredient is to strictly limit what the CI server can do once it has authenticated: for example, in the OIDC snippet above, you’ll want to severely limit the permissions in that IAM role. But then how do you handle the admin permissions you need to deploy arbitrary Terraform changes? Since this code comes from a book about Terraform, the vast majority of the code consists of Terraform examples in theThere are several ingredients to setting up a secure CI / CD pipeline for Terraform. The first ingredient is to handle credentials on your CI server securely. The 3rd edition of the book adds examples of using environment variables, IAM roles, and arguably the most secure option of all, OpenID Connect (OIDC). Chapter 6 includes an example of using OIDC with GitHub Actions to authenticate to AWS, via an IAM role, without having to manage any credentials at all: # Authenticate to AWS using OIDC Therefore, except for a few niche cases, I recommend the cloud native approach. This is also the approach that Terraform is designed for: you can use Terraform with multiple clouds, but you have to write separate code for each cloud, using the providers and resources native to that cloud. Therefore, even for multi-cloud deployments, it’s unusual to build a single Terraform module that deploys into multiple clouds (that is, uses multiple different providers in one module); it’s much more common to keep the code for each cloud in separate modules.