12 Automating Terraform

 

This chapter covers

  • Developing a CI/CD pipeline for automating Terraform deployments
  • Running Terraform at scale
  • Generating Terraform configuration code
  • Toggling dynamic blocks with a conditional expression

If you want to know how to automate running Terraform, this chapter is for you. Until now, I have assumed you are deploying Terraform from your local machine. This is a reasonable assumption for individuals and even small teams, as long as you are using a remote-state backend. On the other hand, large teams and organizations with many individual contributors may benefit from automating Terraform.

In chapter 6, we discussed how HashiCorp has two products to automate running Terraform: Terraform Cloud and Terraform Enterprise. These products are basically the same; Terraform Cloud is simply the software as a service (SaaS) version of Terraform Enterprise. In this chapter, we develop a continuous integration / continuous delivery (CI/CD) pipeline to automate deploying Terraform workspaces, modeled after the design of Terraform Enterprise. The stages of the CI/CD pipeline are shown in figure 12.1.

Figure 12.1 A four-stage CI/CD pipeline for Terraform deployments. Changes to configuration code stored in a version-controlled source (VCS) repository trigger running terraform plan. If the plan succeeds, manual approval is required before the changes are applied in production.

12.1 Poor person’s Terraform Enterprise

12.1.1 Reverse-engineering Terraform Enterprise

12.1.2 Design details

12.2 Beginning at the root

12.3 Developing a Terraform CI/CD pipeline

12.3.1 Declaring input variables

12.3.2 IAM roles and policies

12.3.3 Building the Plan and Apply stages

12.3.4 Configuring environment variables

12.3.5 Declaring the pipeline as code

12.3.6 Touching base

12.4 Deploying the Terraform CI/CD pipeline

12.4.1 Creating a source repository