Terraform in Action
Scott Winkler
  • MEAP began July 2019
  • Publication in October 2020 (estimated)
  • ISBN 9781617296895
  • 350 pages (estimated)
  • printed in black & white

The best book about Terraform available at the moment.

Jürgen Hötzel

By treating your infrastructure as a codeable application, you can instantaneously create and launch new components and respond efficiently to changes in demand and other use requirements. Terraform in Action introduces the Infrastructure-as-Code model using the amazing Terraform automation tool, teaching you how to design and manage servers that can be provisioned, shared, changed, tested, and deployed at the touch of a button. Unlock the full potential of Terraform to manage your infrastructure as easily as you manage your codebase.

About the Technology

Terraform is a provisioning tool for building, changing, and combining cloud infrastructure safely and efficiently. By defining infrastructure as code, Terraform empowers its users to deploy their entire stack to the cloud at the touch of a button. This code-based infrastructure can be shared easily among team members, managed using version control, and configured to reliably test new configurations without running the risk of breaking live systems. Terraform integrates easily with all major cloud providers, and mastery of it is increasingly essential for anyone working in DevOps, Operations, or SRE.

About the book

Terraform in Action unlocks the full potential of infrastructure you can automate, scale, and manage programmatically using Terraform. Through hands-on projects, including deploying a multiplayer game and a fully-managed Kubernetes cluster, distinguished Terraform expert Scott Winkler shows you how to think in Terraform rather than just copy-paste code. Written to focus on Terraform 0.12 and covering new syntax, the book covers both fundamentals and advanced designs, such as zero-downtime deployments and creating your own Terraform provider. When you’re done, you’ll be able to seamlessly manage Terraform cloud architecture and use Terraform as the basis for a continuous development/continuous delivery platform.

Table of Contents

Part 1: Learning the Ropes

1 Getting Started with Terraform

1.1 What makes Terraform so great?

1.1.1 Provisioning Tool

1.1.2 Easy to Use

1.1.3 Free and Open-Source Software

1.1.4 Declarative Programming!

1.1.5 Cloud Agnostic

1.1.6 Richly Expressive and Highly Extendable

1.2 Hello Terraform!

1.2.1 Writing the Terraform Configuration

1.2.2 Configuring the AWS Provider

1.2.3 Initializing Terraform

1.2.4 Deploying the EC2 Instance

1.2.5 Destroying the EC2 Instance

1.3 Brave New Hello World!

1.3.1 Modifying Terraform Configuration

1.3.2 Applying Changes

1.3.3 Destroying Infrastructure

1.4 Fireside Chat

1.5 Summary

2 Lifecycle of a Terraform Resource

2.1 Process Overview

2.1.1 Lifecycle Function Hooks

2.2 Declaring a Local File Resource

2.3 Initializing the Workspace

2.4 Generating an Execution Plan

2.4.1 Inspecting the Plan

2.5 Creating the Local File Resource

2.6 Performing No Op

2.7 Updating the Local File Resource

2.7.1 Detecting Configuration Drift

2.7.2 Terraform Refresh

2.8 Deleting the Local File Resource

2.9 Summary

3 Functional Programming and Advanced Templating Techniques

3.1 First Attempt at Mad Libs

3.1.1 Making the Word Pool

3.1.2 Shuffling the Words

3.1.3 Using Template Data Sources

3.1.4 Outputting to a Local File

3.2 Improving Mad Libs with Expressions

3.2.1 Getting Fancy with For Expressions

3.2.2 Implicit Dependencies

3.2.3 Scaling Resources by Incrementing Count

3.2.4 A Better Way to Template

3.2.5 Compressing Files with an Archive Resource

3.2.6 Applying Changes

3.3 Overview

3.4 Summary

4 Deploying a Multi-Tiered Web Application in AWS

4.1 Motivation

4.2 Architecture Overview

4.3 Modules are Your Friend

4.3.1 Standard Module Structure

4.4 Root Module

4.5 Networking Module

4.6 Database Module

4.6.1 Passing Data from the Networking Module

4.6.2 Generating a Random Password

4.7 Autoscaling Module

4.7.1 Trickling Down Data

4.7.2 Detailed Module Planning

4.7.3 Getting Real with Template Files

4.7.4 Final Touches

4.8 Deploying the Webapp

4.9 Overview

4.10 Summary

Part 2: Terraform in the Wild

5 Serverless Made Easy

5.1 The "Two Penny Website"

5.2 Architecture and Planning

5.2.1 Sorting by Group, then by Size

5.2.2 Problem Solving

5.3 Writing the Code

5.3.1 Resource Group

5.3.2 Storage Container

5.3.3 Storage Blob

5.3.4 Function App

5.3.5 Final Touches

5.4 Deploying to Azure

5.5 Combining Azure Resource Manager (ARM) with Terraform

5.5.1 Deploying Unsupported Resources

5.5.2 Migrating from Legacy Code with the Strangler Façade Pattern

5.5.3 Generating Configuration Code

5.6 Summary

6 Terraform with Friends

6.1 Standard and Enhanced Backends

6.2 Developing an S3 Backend Module

6.2.1 Architecture

6.2.2 Flat Module Structure

6.2.3 Writing the Code

6.3 Sharing Modules

6.3.1 GitHub

6.3.2 Terraform Module Registry

6.4 Everyone Gets an S3 Backend!

6.4.1 Deploying the S3 Backend

6.4.2 Storing State in the S3 Backend

6.5 Reusing Configuration Code with Workspaces

6.5.1 Deploying Multiple Environments with Workspaces

6.5.2 Clean up

6.6 Introducing Terraform Cloud

6.6.1 Getting Started with Terraform Cloud (Optional)

6.7 Overview

6.8 Summary

7 CICD Pipelines as Code

7.1 A Tale of Two Deployments

7.2 CI/CD for Docker Containers on GCP

7.2.1 Designing the Pipeline

7.2.2 Detailed Engineering

7.3 Initial Workspace Setup

7.3.1 Organizing the Directory Structure

7.3.2 Implicit vs Explicit Providers

7.4 Dynamic Configurations and Provisioners

7.4.1 For-Each vs. Count

7.4.2 Executing Scripts with Provisioners

7.4.3 Dealing with Repeating Configuration Blocks

7.4.4 Dynamic Blocks: Rare Boys

7.5 Local-Exec Provisioners "The Golden Hammer"

7.5.1 Null Resource with a Local-Exec Provisioner

7.6 Community and Third-Party Providers

7.6.1 Installing the Shell Provider

7.7 Deploying Static Infrastructure

7.8 CI/CD of a Docker Container

7.9 Overview

7.10 Summary

8 A Multi-Cloud MMORPG

8.1 Hybrid Cloud Load Balancing

8.1.1 Architectural Overview

8.1.2 Code

8.1.3 Deploy

8.2 Deploying an MMORPG on a Federated Nomad Cluster

8.2.1 Cluster Federation 101

8.2.2 Architecture

8.2.3 Stage #1 Base Infrastructure

8.2.4 Deploying Base Infrastructure

8.2.5 Stage #2 Application Infrastructure

8.2.6 Ready Player One

8.3 Rearchitecting the MMORPG to use Managed Services

8.3.1 Code

8.3.2 Ready Player Two

8.4 Fireside Chat

8.5 Summary

Part 3: Becoming a Terraform Guru

9 Zero Downtime Deployments

9.1 Lifecycle Customizations

9.1.1 Zero Downtime Deployments with create_before_destroy

9.1.2 Additional Considerations

9.2 Blue/Green Deployments

9.2.1 Architecture

9.2.2 Code

9.2.3 Deploy

9.2.4 Blue/Green Cutover

9.2.5 Additional Considerations

9.3 Self Service Resource Provisioning

9.3.1 Architecture

9.3.2 Code

9.3.3 Initial Deployment

9.3.4 Tainting and Rotating Access Keys

9.3.5 Tech Debt and the Need to Refactor

9.4 Advanced Terraform State Concepts

9.4.1 Deep Dive into Serials and Lineages

9.5 Performing State File Surgery

9.5.1 Architecture

9.5.2 Code

9.5.3 Importing and Moving Stateful Data

9.5.4 Redeploy

9.5.5 Importing Resources

9.6 Fireside Chat

9.7 Summary

10 Extending Terraform by Writing your own Provider

10.1 Blueprints for a Terraform Provider

10.1.1 Terraform Provider Basics

10.1.2 Petstore Provider Architecture

10.2 Writing the Petstore Provider

10.2.1 Setting up the Go Project

10.2.2 Configuring the Provider Schema

10.3 Defining a Pet Resource

10.3.1 Defining Create() – CRUD Lifecycle Management

10.3.2 Defining Read() – CRUD Lifecycle Management

10.3.3 Defining Update() – CRUD Lifecycle Management

10.3.4 Defining Delete() – CRUD Lifecycle Management

10.4 Writing Acceptance Tests

10.4.1 Testing the Provider Schema

10.4.2 Testing the Pet Resource

10.5 Build, Test, Deploy

10.5.1 Deploy the Petstore API

10.5.2 Test and Build the Provider

10.6 Fireside Chat

10.7 Summary

11 Terraform in Automation

11.1 Poor Man’s Terraform Enterprise

11.1.1 Reverse Engineering Terraform Enterprise

11.1.2 Detailed Engineering

11.2 Beginning at the Root

11.2.1 Writing the Module Wrapper Code

11.3 Developing a Terraform CI/CD Pipeline

11.3.1 Configuring Input Variables

11.3.2 IAM Roles and Policies

11.3.3 Building the Plan and Apply Stages

11.3.4 Configuring Environment Variables

11.3.5 Declaring the Pipeline as Code

11.3.6 Touching Base

11.3.7 Deploying to AWS

11.4 Testing Automated Terraform Workflows

11.4.1 Creating a Source Repository

11.4.2 Queuing a Destroy Run

11.5 Fireside Chat

11.5.1 FAQ

11.6 Summary

12 Secrets Management

12.1 Securing Terraform State

12.1.1 Removing Unnecessary Secrets

12.1.2 Least Privileged Access Control

12.1.3 Encryption at Rest

12.2 Securing Logs

12.2.1 What Sensitive Information?

12.2.2 Dangers of Local-Exec Provisioners

12.2.3 Dangers of External Data Sources

12.2.4 Restricting Access to Logs

12.3 Managing Static Secrets

12.3.1 Environment Variables

12.3.2 Terraform Variables

12.4 Utilizing Dynamic Secrets

12.4.1 HashiCorp Vault

12.4.2 AWS Secrets Manager

12.5 Sentinel and Policy as Code

12.5.1 Writing a Basic Sentinel Policy

12.5.2 Blocking Local-Exec Provisioners

12.6 Final Words

12.7 Summary

What's inside

  • Cloud architecture with Terraform
  • Sharing Terraform modules and the private module registry
  • Running Terraform securely in a multitenant environment
  • Strategies for performing Blue/Green deployments with Terraform

About the reader

Written for readers experienced with major cloud platforms such as AWS or Google Cloud. Examples are in the Go language.

About the author

Scott Winkler is a distinguished Terraform speaker. He has presented at HashiConf 2018 and HashiTalks 2019 on novel ways to leverage Terraform for the enterprise. His ideas have made their way into the open source community, either through his personal contribution or indirectly through HashiCorp partners. He has trained dozens of DevOps engineers on how to use Terraform and has created comprehensive CICD Terraform solutions for businesses.
