Terraform modules and (some of) best practices
0 likes904 views
The document discusses best practices for using Terraform modules within AWS, emphasizing the importance of organization and management of infrastructure as code. It highlights common pitfalls to avoid, such as using providers and provisioners within modules, and suggests utilizing community-supported Terraform modules for efficiency. Additionally, it introduces tools like Terragrunt for orchestration and Cloudcraft for visualizing AWS infrastructure.
![- [ ] How to write modules
- [ ] How to use modules](https://image.slidesharecdn.com/terraform-modules-and-best-practices-november-2018-zurich-181122085759/85/Terraform-modules-and-some-of-best-practices-25-320.jpg)
![- [x] How to write modules
- [x] Do not write, if possible
- [x] Do not use: providers and provisioners
- [ ] How to use modules](https://image.slidesharecdn.com/terraform-modules-and-best-practices-november-2018-zurich-181122085759/85/Terraform-modules-and-some-of-best-practices-42-320.jpg)
![- [x] How to write modules
- [x] How to use modules
- [x] 1-in-1 much better over time
- [x] Orchestration = Terragrunt
- [ ] What is next?](https://image.slidesharecdn.com/terraform-modules-and-best-practices-november-2018-zurich-181122085759/85/Terraform-modules-and-some-of-best-practices-58-320.jpg)
Terraform modules and (some of) best practices
- 1. Terraform modules and (some of) best-practices Anton Babenko @antonbabenko November 2018
- 2. Anton Babenko Terraform AWS fanatic since 2015. HUG, AWS, DevOps Norway, DevOpsDays Oslo… I 💚 open-source: terraform-community-modules + terraform-aws-modules antonbabenko/pre-commit-terraform — auto-formatting code and documentation antonbabenko/modules.tf-lambda — Terraform configurations from visual diagrams www.terraform-best-practices.com medium.com/@anton.babenko @antonbabenko - Twitter, and many Slacks
- 3. Collection of open-source Terraform AWS modules supported by the community. More than 1,5 million downloads. (VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…) github.com/terraform-aws-modules registry.terraform.io/modules/terraform-aws-modules
- 4. Write, plan and manage infrastructure as code www.terraform.io
- 5. Google Cloud Deployment Manager Azure Resource Manager
- 8. Terraform — is a universal tool to manage anything that has an API GSuite Dropbox files and access New Relic metrics Datadog users and metrics Bugs in Jira All Terraform providers
- 9. VPC, please!
- 15. Problems Code size is growing Complicated dependencies
- 16. Solution — Terraform modules
- 17. Terraform modules are self-contained packages of Terraform configurations that are managed as a group.
- 18. Resource modules Only create resources in a very flexible way Open-source
- 19. Resource modules
- 21. Infrastructure modules Consist of resource modules Company standards and tags Pre-processors, jsonnet, cookiecutter
- 24. Types of Terraform modules Resource modules (terraform-aws-modules, for example) Infrastructure modules
- 26. Tip №0 Check Terraform Registry before writing new resource module.
- 27. Hide specifics
- 30. Size
- 32. Things to avoid in Terraform modules
- 33. Exception: logical providers (template, random, local, http, external) Providers in modules — bad
- 35. Provisioner — bad Avoid provisioners in all resources
- 36. Provisioner — bad Avoid provisioners even inside EC2 resources
- 37. Provisioner — bad Avoid provisioners even inside EC2 resources
- 40. null_resource provisioner — good
- 41. Traits of good Terraform modules Documentation and examples Feature-rich Sane defaults Clean code Tests Read more: http://bit.ly/common-traits-in-terraform-modules
- 43. How to use Terraform modules Many resources, many modules How to organize and use them? How to orchestrate them?
- 44. All in one Good: Declare variables and outputs in fewer places Bad: Large blast radius Everything is blocked at once Not possible to specify dependenies between modules (depends_on)
- 45. 1-in-1 Good: Small blast radius Possible to chain calls Faster and easier to work with Bad: Declare variables and outputs in several places
- 46. How is it in your project? "All in one" or 1-in-1 ?
- 47. Correct Most frequent answer: "somewhere in between" + "it depends"
- 48. What about orchestration in your project?
- 50. Do not try this at home!
- 51. Orchestration = Terragrunt https://github.com/gruntwork-io/terragrunt/
- 56. Edge cases Different AWS regions (S3 signature, EC2 ClassicLink, IPv6) Age of AWS accounts Limits in AWS
- 57. Avoid in Terraform Non-sensitive arguments in CLI. Put them in tfvars file. • -target • -parallelism "Terraform workspaces" => separate directory Dependency hell in modules
- 59. Terraform 0.12 HCL2 — simplified syntax Loops ("for") Dynamic blocks ("for_each") Correct operations of comparison (… ? … : …) Extended types in variables Templates in string values Links between all resources everywhere (depends_on) Read more — https://www.hashicorp.com/blog/terraform-0-1-2-preview
- 60. Summary Write less and simpler — Terraform 0.12 will not fix your code for you Use existing modules and tools
- 61. BONUS
- 64. cloudcraft.co features Manage AWS components in browser (EC2 instances, autoscaling groups, RDS, etc) Connect components Import live AWS infrastructure Calculate the budget Share link to a blueprint Export as image Embed drawing to wiki, Confluence, etc
- 67. Infrastructure as code generator — from visual diagrams to Terraform
- 68. ✓ cloudcraft.co — design, plan and visualize ✓ terraform-aws-modules — building blocks of AWS infrastructure ✓ Terraform — infrastructure as code
- 69. modules.tf notes ✓ Available for all users: https://cloudcraft.co/ ✓ Generates potentially ready-to-use Terraform configurations ✓ Suits best for bootstrapping ✓ Enforces Terraform best practices ✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …) ✓ 100% free for all & open-source (https://github.com/antonbabenko/ modules.tf-lambda ) ✓ Want to sponsor, or a sticker? Contact me.
- 70. modules.tf demo
- 71. Thanks! Questions? In progress — www.terraform-best-practices.com github.com/antonbabenko twitter.com/antonbabenko
- 72. Thanks to my supporters!
- 73. Cloudcraft — the best way to draw AWS diagrams cloudcraft.co