Terraform in Action
Scott Winkler
  • MEAP began July 2019
  • Publication in January 2021 (estimated)
  • ISBN 9781617296895
  • 350 pages (estimated)
  • printed in black & white

The best book about Terraform available at the moment.

Jürgen Hötzel

By treating your infrastructure as a codeable application, you can instantaneously create and launch new components and respond efficiently to changes in demand and other use requirements. Terraform in Action introduces the Infrastructure-as-Code model using the amazing Terraform automation tool, teaching you how to design and manage servers that can be provisioned, shared, changed, tested, and deployed at the touch of a button. Unlock the full potential of Terraform to manage your infrastructure as easily as you manage your codebase.

About the Technology

Terraform is a provisioning tool for building, changing, and combining cloud infrastructure safely and efficiently. By defining infrastructure as code, Terraform empowers its users to deploy their entire stack to the cloud at the touch of a button. This code-based infrastructure can be shared easily among team members, managed using version control, and configured to reliably test new configurations without running the risk of breaking live systems. Terraform integrates easily with all major cloud providers, and mastering it is increasingly essential for anyone working in DevOps, Operations, or SRE.

About the book

Terraform in Action unlocks the full potential of infrastructure you can automate, scale, and manage programmatically using Terraform. Through hands-on projects, including deploying a multiplayer game and a fully-managed Kubernetes cluster, distinguished Terraform expert Scott Winkler shows you how to think in Terraform rather than just copy-paste code. Written to focus on Terraform 0.12 and covering new syntax, the book covers both fundamentals and advanced designs, such as zero-downtime deployments and creating your own Terraform provider. When you’re done, you’ll be able to seamlessly manage Terraform cloud architecture and use Terraform as the basis for a continuous development/continuous delivery platform.

Table of Contents

Part 1: Learning the Ropes

1 Getting Started with Terraform

1.1 What makes Terraform so great?

1.1.1 Provisioning Tool

1.1.2 Easy to Use

1.1.3 Free and Open-Source Software

1.1.4 Declarative Programming!

1.1.5 Cloud Agnostic

1.1.6 Richly Expressive and Highly Extendable

1.2 Hello Terraform!

1.2.1 Writing the Terraform Configuration

1.2.2 Configuring the AWS Provider

1.2.3 Initializing Terraform

1.2.4 Deploying the EC2 Instance

1.2.5 Destroying the EC2 Instance

1.3 Brave New Hello World!

1.3.1 Modifying Terraform Configuration

1.3.2 Applying Changes

1.3.3 Destroying Infrastructure

1.4 Fireside Chat

1.5 Summary

2 Lifecycle of a Terraform Resource

2.1 Process Overview

2.1.1 Lifecycle Function Hooks

2.2 Declaring a Local File Resource

2.3 Initializing the Workspace

2.4 Generating an Execution Plan

2.4.1 Inspecting the Plan

2.5 Creating the Local File Resource

2.6 Performing No Op

2.7 Updating the Local File Resource

2.7.1 Detecting Configuration Drift

2.7.2 Terraform Refresh

2.8 Deleting the Local File Resource

2.9 Summary

3 Functional Programming

3.1 Generating a Mad Libs

3.1.1 Input Variables

3.1.2 Assigning Values with a Variable Definition File

3.1.3 Validating Variables

3.1.4 Shuffling Lists

3.1.5 Functions

3.1.6 Output Values

3.1.7 Templates

3.1.8 Printing Output

3.2 Generating Many Mad Libs

3.2.1 For Expressions

3.2.2 Local Values

3.2.3 Implicit Dependencies

3.2.4 Count Parameter

3.2.5 Conditional Expressions

3.2.6 More Templates

3.2.7 Local File

3.2.8 Zipping Files

3.2.9 Applying Changes

3.3 Fireside Chat

3.4 Summary

4 Deploying a Multi-Tiered Web Application in AWS

4.1 Motivation

4.2 Architecture Overview

4.3 Modules are Your Friend

4.3.1 Standard Module Structure

4.4 Root Module

4.5 Networking Module

4.6 Database Module

4.6.1 Passing Data from the Networking Module

4.6.2 Generating a Random Password

4.7 Autoscaling Module

4.7.1 Trickling Down Data

4.7.2 Detailed Module Planning

4.7.3 Getting Real with Template Files

4.7.4 Final Touches

4.8 Deploying the Webapp

4.9 Overview

4.10 Summary

Part 2: Terraform in the Wild

5 Serverless Made Easy

5.1 The "Two Penny Website"

5.2 Architecture and Planning

5.2.1 Sorting by Group, then by Size

5.2.2 Problem Solving

5.3 Writing the Code

5.3.1 Resource Group

5.3.2 Storage Container

5.3.3 Storage Blob

5.3.4 Function App

5.3.5 Final Touches

5.4 Deploying to Azure

5.5 Combining Azure Resource Manager (ARM) with Terraform

5.5.1 Deploying Unsupported Resources

5.5.2 Migrating from Legacy Code with the Strangler Façade Pattern

5.5.3 Generating Configuration Code

5.6 Summary

6 Terraform with Friends

6.1 Standard and Enhanced Backends

6.2 Developing an S3 Backend Module

6.2.1 Architecture

6.2.2 Flat Module Structure

6.2.3 Writing the Code

6.3 Sharing Modules

6.3.1 GitHub

6.3.2 Terraform Module Registry

6.4 Everyone Gets an S3 Backend!

6.4.1 Deploying the S3 Backend

6.4.2 Storing State in the S3 Backend

6.5 Reusing Configuration Code with Workspaces

6.5.1 Deploying Multiple Environments with Workspaces

6.5.2 Clean up

6.6 Introducing Terraform Cloud

6.6.1 Getting Started with Terraform Cloud (Optional)

6.7 Overview

6.8 Summary

7 CICD Pipelines as Code

7.1 A Tale of Two Deployments

7.2 CI/CD for Docker Containers on GCP

7.2.1 Designing the Pipeline

7.2.2 Detailed Engineering

7.3 Initial Workspace Setup

7.3.1 Organizing the Directory Structure

7.3.2 Implicit vs Explicit Providers

7.4 Dynamic Configurations and Provisioners

7.4.1 For-Each vs. Count

7.4.2 Executing Scripts with Provisioners

7.4.3 Dealing with Repeating Configuration Blocks

7.4.4 Dynamic Blocks: Rare Boys

7.5 Local-Exec Provisioners "The Golden Hammer"

7.5.1 Null Resource with a Local-Exec Provisioner

7.6 Community and Third-Party Providers

7.6.1 Installing the Shell Provider

7.7 Deploying Static Infrastructure

7.8 CI/CD of a Docker Container

7.9 Overview

7.10 Summary

8 A Multi-Cloud MMORPG

8.1 Hybrid Cloud Load Balancing

8.1.1 Architectural Overview

8.1.2 Code

8.1.3 Deploy

8.2 Deploying an MMORPG on a Federated Nomad Cluster

8.2.1 Cluster Federation 101

8.2.2 Architecture

8.2.3 Stage #1 Base Infrastructure

8.2.4 Deploying Base Infrastructure

8.2.5 Stage #2 Application Infrastructure

8.2.6 Ready Player One

8.3 Rearchitecting the MMORPG to use Managed Services

8.3.1 Code

8.3.2 Ready Player Two

8.4 Fireside Chat

8.5 Summary

Part 3: Becoming a Terraform Guru

9 Zero Downtime Deployments

9.1 Lifecycle Customizations

9.1.1 Zero Downtime Deployments with create_before_destroy

9.1.2 Additional Considerations

9.2 Blue/Green Deployments

9.2.1 Architecture

9.2.2 Code

9.2.3 Deploy

9.2.4 Blue/Green Cutover

9.2.5 Additional Considerations

9.3 Configuration Management

9.3.1 Combining Terraform with Ansible

9.3.2 Code

9.3.3 Infrastructure Deployment

9.3.4 Application Deployment

9.4 Fireside Chat

9.5 Summary

10 Refactoring and Testing

10.1 Self Service Infrastructure Provisioning

10.1.1 Architecture

10.1.2 Code

10.1.3 Preliminary Deployment

10.1.4 Tainting and Rotating Access Keys

10.2 Refactoring Terraform Configuration

10.2.1 Modularizing Code

10.2.2 Module Expansions

10.2.3 Replacing Multi-Line Strings with Local Values

10.2.4 Looping Through Multiple Module Instances

10.2.5 New IAM Module

10.3 Migrating Terraform State

10.3.1 State File Structure

10.3.2 Moving Resources

10.3.3 Redeploy

10.3.4 Importing Resources

10.4 Testing Infrastructure as Code

10.4.1 Writing a Basic Terraform Test

10.4.2 Test Fixtures

10.4.3 Running Tests

10.5 Fireside Chat

10.6 Summary

11 Extending Terraform by Writing Your Own Provider

11.1 Blueprints for a Terraform Provider

11.1.1 Terraform Provider Basics

11.1.2 Petstore Provider Architecture

11.2 Writing the Petstore Provider

11.2.1 Setting up the Go Project

11.2.2 Configuring the Provider Schema

11.3 Defining a Pet Resource

11.3.1 Defining Create() – CRUD Lifecycle Management

11.3.2 Defining Read() – CRUD Lifecycle Management

11.3.3 Defining Update() – CRUD Lifecycle Management

11.3.4 Defining Delete() – CRUD Lifecycle Management

11.4 Writing Acceptance Tests

11.4.1 Testing the Provider Schema

11.4.2 Testing the Pet Resource

11.5 Build, Test, Deploy

11.5.1 Deploy the Petstore API

11.5.2 Test and Build the Provider

11.6 Fireside Chat

11.7 Summary

12 Terraform in Automation

12.1 Poor Man’s Terraform Enterprise

12.1.1 Reverse Engineering Terraform Enterprise

12.1.2 Detailed Engineering

12.2 Beginning at the Root

12.2.1 Writing the Module Wrapper Code

12.3 Developing a Terraform CI/CD Pipeline

12.3.1 Configuring Input Variables

12.3.2 IAM Roles and Policies

12.3.3 Building the Plan and Apply Stages

12.3.4 Configuring Environment Variables

12.3.5 Declaring the Pipeline as Code

12.3.6 Touching Base

12.3.7 Deploying to AWS

12.4 Testing Automated Terraform Workflows

12.4.1 Creating a Source Repository

12.4.2 Queuing a Destroy Run

12.5 Fireside Chat

12.5.1 FAQ

12.6 Summary

13 Secrets Management

13.1 Securing Terraform State

13.1.1 Removing Unnecessary Secrets

13.1.2 Least Privileged Access Control

13.1.3 Encryption at Rest

13.2 Securing Logs

13.2.1 What Sensitive Information?

13.2.2 Dangers of Local-Exec Provisioners

13.2.3 Dangers of External Data Sources

13.2.4 Restricting Access to Logs

13.3 Managing Static Secrets

13.3.1 Environment Variables

13.3.2 Terraform Variables

13.4 Utilizing Dynamic Secrets

13.4.1 HashiCorp Vault

13.4.2 AWS Secrets Manager

13.5 Sentinel and Policy as Code

13.5.1 Writing a Basic Sentinel Policy

13.5.2 Blocking Local-Exec Provisioners

13.6 Final Words

13.7 Summary

Appendixes

Appendix A: Creating Custom Resources with the Shell Provider

A.1 Installing the Provider

A.2 Using the Provider

A.3 Final Thoughts

What's inside

  • Cloud architecture with Terraform
  • Sharing Terraform modules and the private module registry
  • Running Terraform securely in a multitenant environment
  • Strategies for performing Blue/Green deployments with Terraform

About the reader

Written for readers experienced with major cloud platforms such as AWS or Google Cloud. Examples are in the Go language.

About the author

Scott Winkler is a distinguished Terraform speaker. He has presented at HashiConf 2018 and HashiTalks 2019 on novel ways to leverage Terraform for the enterprise. His ideas have made their way into the open source community, either through his personal contribution or indirectly through HashiCorp partners. He has trained dozens of DevOps engineers on how to use Terraform and has created comprehensive CICD Terraform solutions for businesses.


Manning Early Access Program (MEAP): Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.