Automating Infrastructure with IAC Using Terraform Cloud

Introduction

Terraform Cloud is a managed service that provides you with Terraform CLI to provision infrastructure, either on demand or in response to various events.

By default, Terraform CLI performs operation on the server whenever it is invoked, it is perfectly fine if we have a dedicated role who can launch it, but if we have a team working with Terraform – we need a consistent remote environment with remote workflow and shared state to run Terraform commands.

Terraform Cloud executes Terraform commands on disposable virtual machines, this remote execution is also called remote operations.

Migrate .tf codes to Terraform Cloud §

1. I create a new repository in my GitHub and call terraform-cloud and push the Terraform codes developed in the previous projects to the repository.

2. Create a Terraform Cloud account

3. Create an organization Select “Start from scratch”, choose a name for your organization and create it.

4. Configure a workspace

   We will use a version control workflow, which is the most common and recommended way to run Terraform commands triggered from our Git repository.

   

   We will be prompted to connect our GitHub account to our workspace – I follow the prompt and add our newly created repository terraform-cloud to the workspace.

   
   

4. Configure variables

   Terraform Cloud supports two types of variables: environment variables and Terraform variables. Either type can be marked as sensitive, which prevents them from being displayed in the Terraform Cloud web UI and makes them write-only.

   I’ll select Environment variable

   I set two environment variables: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, using the same values as in PART1_PROJECT_16 . These credentials will be used to provision the AWS infrastructure by Terraform Cloud.

   

After we set these 2 environment variables – Terraform Cloud is all set to apply the codes from GitHub and create all the necessary AWS resources.

The Workspace name, terraform-cloud was assigned automatically based on the repo name

5. Now it is time to run our Terraform scripts. I run terraform plan and terraform apply from web console

   

Then I run terraform destroy to bring down the infrastructure

So far I triggered the provisioning via UI. But since we have an integration with GitHub, the process can be triggered automatically.

I’ll change something in the README and look at “Runs” tab again – plan must be launched automatically, but to apply I still need to approve manually.

Since provisioning of new Cloud resources might incur significant costs. Even though we can configure “Auto apply”, it is always a good idea to verify the plan results before pushing it to apply to avoid any misconfigurations that can cause ‘bill shock’.