This chapter introduces Terraform, a deployment technology for managing infrastructure as code (IaC), emphasizing its syntax, setup, and the deployment of an Ubuntu virtual machine on AWS. Key advantages of Terraform include its ease of use, cloud-agnostic capabilities, and declarative programming style, which distinguishes it from configuration management tools. The chapter also highlights the differences between provisioning and configuration management, asserting that Terraform excels in infrastructure provisioning while maintaining compatibility with existing CM tools.
1 Getting started with Terraform
This chapter covers
+ Understanding the syntax of HCL
+ Fundamental elements and building blocks of Terraform
+ Setting up a Terraform workspace
+ Configuring and deploying an Ubuntu virtual machine on AWS
Terraform is a deployment technology for anyone who wants to provision
and manage their infrastructure as code (IaC). Infrastructure refers
primarily to cloud-based infrastructure, although anything that could be
controlled through an application programming interface (API)
technically qualifies as infrastructure. Infrastructure as code is the process of
managing and provisioning infrastructure through machine-readable
definition files. We use IaC to automate processes that used to be done
manually.
When we talk about provisioning, we mean the act of deploying
infrastructure, as opposed to configuration management, which deals mostly
with application delivery, particularly on virtual machines (VMs).
Configuration management (CM) tools like Ansible, Puppet, SaltStack, and
Chef are extremely popular and have been around for many years.
Terraform does not supplant these tools, at least not entirely, because in-
frastructure provisioning and configuration management are inherently
different problems. That being said, Terraform does perform many of the
functions once reserved by CM tools, and many companies find they do
not need CM tools after adopting Terraform.
The basic principle of Terraform is that it allows you to write
human-readable configuration code to define your IaC. With configuration code,
you can deploy repeatable, ephemeral, consistent environments to
vendors on the public, private, and hybrid clouds (see figure 1.1).
Figure 1.1 Terraform can deploy infrastructure to any cloud or
combination of clouds.
In this chapter, we start by going over the distinguishing features of
Terraform. We talk about the comparative advantages and disadvantages
of Terraform in relation to other IaC technologies and what makes
Terraform the clear winner. Finally, we look at the quintessential “Hello
World!” of Terraform by deploying a single server to AWS and improving
it by incorporating some of Terraform’s more dynamic features.
1.1 What makes Terraform so great?
There's been a lot of hype about Terraform recently, but is any of it
justified? Terraform isn’t the only IaC technology on the block—plenty of
other tools do the same thing. How is it that Terraform, a technology in
the highly lucrative software deployment market space, can compete with
the likes of Amazon, Microsoft, and Google? Six key characteristics make
Terraform unique and give it a competitive advantage:
+ Provisioning tool—Deploys infrastructure, not just applications.
+ Easy to use—For all of us non-geniuses.
+ Free and open source—Who doesn’t like free?
+ Declarative—Say what you want, not how to do it.
+ Cloud-agnostic—Deploy to any cloud using the same tool.
+ Expressive and extendable—You aren't limited by the language.
Table 1.1 compares Terraform and other IaC tools.
Table 1.1 A comparison of popular IaC tools
Name; key features: provisioning tool, easy to use, free and open source, declarative, cloud-agnostic
Ansible (www.ansible.com) x Xx x
Chef (www.chefi x Xx x
Puppet (www.puppet.com) x Xx x
SaltStack (www.saltstack.com) x x Xx x
Terraform (www.terraform.io) x x xX Xx x
Pulumi (www.pulumi.com) x x x
AWS CloudFormation (https://aws.amazon.com/cloudformation) x x x
GCP Deployment Manager (https://cloud.google.com/deployment-manager) x x x
Azure Resource Manager (https://azure.microsoft.com/features/resource-manager) x x
Tech comparison
Pulumi is technologically the most similar to Terraform, the only
difference being that it’s not declarative. The Pulumi team considers this an
advantage over Terraform, but Terraform also has a cloud development kit
(CDK) that allows you to do the same thing.
AWS CloudFormation was the original inspiration behind Terraform, and
GCP Deployment Manager and Azure Resource Manager are cousins.
These technologies, while decent, are neither cloud-agnostic nor open
source. They only work for a particular cloud vendor and tend to be more
verbose and less flexible than Terraform.
Ansible, Chef, Puppet, and SaltStack are configuration management (CM)
tools, as opposed to infrastructure provisioning tools. They solve a slightly
different kind of problem than Terraform does, although there is some
overlap.
1.1.1 Provisioning tool
Terraform is an infrastructure provisioning tool, not a CM tool.
Provisioning tools deploy and manage infrastructure, whereas CM tools
like Ansible, Puppet, SaltStack, and Chef deploy software onto existing
servers. Some CM tools can also perform a degree of infrastructure provi-
sioning, but not as well as Terraform, because this isn’t the task they were
originally designed to do.
The difference between CM and provisioning tools is a matter of philoso-
phy. CM tools favor mutable infrastructure, whereas Terraform and other
provisioning tools favor immutable infrastructure.
Mutable infrastructure means you perform software updates on existing
servers. Immutable infrastructure, by contrast, doesn’t care about existing
servers—it treats infrastructure as a disposable commodity. The
difference between the two paradigms can be summarized as a reusable versus
disposable mentality.
1.1.2 Easy to use
The basics of Terraform are quick and easy to learn, even for non-pro-
grammers. By the end of chapter 4, you will have the skills necessary to
call yourself an intermediate Terraform user, which is kind of shocking,
when you think about it. Achieving mastery is another story, of course,
but that’s true for most skills.
The main reason Terraform is so easy to use is that the code is written in
a domain-specific configuration language called HashiCorp Configuration
Language (HCL). It’s a language invented by HashiCorp as a substitute for
more verbose configuration languages like JSON and XML. HCL attempts
to strike a balance between human and machine readability and was
influenced by earlier attempts in the field, such as libucl and Nginx
configuration. HCL is fully compatible with JSON, which means HCL can be
converted 1:1 to JSON and vice versa. This makes it easy to interoperate with
systems outside of Terraform or generate configuration code on the fly.
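Generating configuration on the fly through the JSON syntax, as an added example that is not from the book: it emits the JSON equivalent of HCL resource "aws_instance" blocks and validates every field first, because values pass straight into the configuration and JSON-syntax strings are still evaluated as Terraform templates. The function names, the allowlist, the sample inventory and the placeholder AMI ID are assumptions made for this example.

```python
import json
import re

# Terraform identifiers: letters, digits, "_" and "-", not starting with a digit
# (this check accepts only the ASCII subset).
_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_-]*")
# Assumption for this example: the only instance types callers may request.
ALLOWED_INSTANCE_TYPES = {"t2.micro", "t3.micro"}


def _literal(value):
    """Reject template sequences; JSON-syntax strings are parsed as templates."""
    if "${" in value or "%{" in value:
        raise ValueError(f"template sequence not allowed: {value!r}")
    return value


def render_instances(servers):
    """Return JSON equivalent to one HCL resource "aws_instance" block per server."""
    instances = {}
    for server in servers:
        name, itype = server["name"], server["instance_type"]
        if not _NAME.fullmatch(name):
            raise ValueError(f"invalid resource name: {name!r}")
        if name in instances:
            raise ValueError(f"duplicate resource name: {name!r}")
        if itype not in ALLOWED_INSTANCE_TYPES:
            raise ValueError(f"instance type not allowed: {itype!r}")
        instances[name] = {
            "ami": _literal(server["ami"]),
            "instance_type": itype,
            "tags": {"Name": name},
        }
    # json.dumps does the quoting, so no value can close a block early.
    return json.dumps({"resource": {"aws_instance": instances}},
                      indent=2, sort_keys=True)


# Constructed sample inventory; the AMI ID is a placeholder, not a real image.
SAMPLE = [
    {"name": "helloworld", "ami": "ami-PLACEHOLDER", "instance_type": "t2.micro"},
]

if __name__ == "__main__":
    print(render_instances(SAMPLE))  # save the output as main.tf.json
```

Terraform loads files ending in .tf.json alongside .tf files, so the output can sit in the same workspace as hand-written HCL.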
1.1.3 Free and open source software
The engine that powers Terraform is called Terraform core, a free and
open source software offered under the Mozilla Public License v2.0. This
license stipulates that anyone is allowed to use, distribute, or modify the
software for both private and commercial purposes. Being free is great
because you never have to worry about incurring additional costs when
using Terraform. In addition, you gain full transparency about the
product and how it works.
There’s no premium version of Terraform, but business and enterprise
solutions are available for running Terraform at scale: Terraform Cloud
and Terraform Enterprise. We'll go through what these are in chapter 6;
and in chapter 12, we'll develop our own bootleg version of Terraform
Enterprise.
1.1.4 Declarative programming
Declarative programming means you express the logic of a computation
(the what) without describing the control flow (the how). Instead of writ-
ing step-by-step instructions, you describe what you want. Examples of
declarative programming languages include database query languages
(SQL), functional programming languages (Haskell, Clojure), configura-
tion languages (XML, JSON), and most IaC tools (Ansible, Chef, Puppet).
Declarative programming is in contrast to imperative (or procedural) pro-
gramming. Imperative programming languages use conditional branch-
ing, loops, and expressions to control system flow, save state, and execute
commands. Nearly all traditional programming languages are imperative
(Python, Java, C, etc.).
NOTE Declarative programming cares about the destination, not the jour-
ney. Imperative programming cares about the journey, not the
destination.
1.1.5 Cloud-agnostic
Cloud-agnostic means being able to seamlessly run on any cloud platform
using the same set of tools and workflows. Terraform is cloud-agnostic
because you can deploy infrastructure to AWS just as easily as you could
to GCP, Azure, or even a private datacenter (see figure 1.2). Being cloud-
agnostic is important because it means you aren’t locked in to a
particular cloud vendor and don’t have to learn a whole new technology every
time you switch cloud vendors.