Terraform modules and (some of) best practices

Terraform modules and (some of)
best-practices
Anton Babenko
@antonbabenko
December 2018

Anton Babenko
Terraform AWS fanatic since 2015.
HUG, AWS, DevOps Norway, DevOpsDays Oslo…
I 💚 open-source:
terraform-community-modules + terraform-aws-modules
antonbabenko/pre-commit-terraform — auto-formatting code and documentation
antonbabenko/modules.tf-lambda — Terraform conﬁgurations from visual diagrams
www.terraform-best-practices.com
medium.com/@anton.babenko
@antonbabenko - Twitter, and many Slacks

Collection of open-source Terraform AWS modules supported by the community.
More than 2 millions downloads.
(VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…)
github.com/terraform-aws-modules
registry.terraform.io/modules/terraform-aws-modules

Write, plan and manage infrastructure as code
www.terraform.io

Google Cloud
Deployment Manager
Azure Resource
Manager

Terraform modules and (some of) best practices

Terraform — is a universal tool to manage
anything that has an API
GSuite
Dropbox ﬁles and access
New Relic metrics
Datadog users and metrics
Bugs in Jira
All Terraform providers

Problems
Code size is growing
Complicated dependencies

Solution — Terraform modules

Terraform modules are self-contained
packages of Terraform conﬁgurations that are
managed as a group.

Resource modules
Only create resources in a very ﬂexible way
Open-source

Infrastructure modules
Consist of resource modules
Company standards and tags
Pre-processors, jsonnet, cookiecutter

Types of Terraform modules
Resource modules (terraform-aws-modules, for example)
Infrastructure modules

- [ ] How to write modules
- [ ] How to use modules

Tip №0
Check Terraform Registry before writing new resource module.

Size
https://github.com/mbtproject/mbt

Things to avoid in Terraform modules

Exception: logical providers (template, random, local, http, external)
Providers in modules — bad

Provisioner — bad
Avoid provisioners in all resources

Provisioner — bad
Avoid provisioners even inside EC2 resources

null_resource provisioner — good

Traits of good Terraform modules
Documentation and examples
Feature-rich
Sane defaults
Clean code
Tests
Read more: http://bit.ly/common-traits-in-terraform-modules

- [x] How to write modules
- [x] Do not write, if possible
- [x] Do not use: providers and provisioners
- [ ] How to use modules

How to use Terraform modules
Many resources, many modules
How to organize and use them?
How to orchestrate them?

All in one
Good:
Declare variables and outputs in
fewer places
Bad:
Large blast radius
Everything is blocked at once
Not possible to specify dependenies
between modules (depends_on)

1-in-1
Good:
Small blast radius
Possible to chain calls
Faster and easier to work with
Bad:
Declare variables and outputs
in several places

How is it in your project?
"All in one" or 1-in-1 ?

Correct
Most frequent answer:
"somewhere in between" + "it depends"

What about orchestration in your project?
-target
Makeﬁle
…

Orchestration = Terragrunt
https://github.com/gruntwork-io/terragrunt/

tfvars can’t contain dynamic values :(

tfvars can’t contain dynamic values,
so I ﬁxed it :)

before_hook + shell-script
See this: https://github.com/antonbabenko/modules.tf-lambda/blob/master/
templates/terragrunt-common-layer/template/common/scripts/
update_dynamic_values_in_tfvars.sh
Or try it yourself by using cloudcraft.co

Edge cases
Different AWS regions (S3 signature, EC2 ClassicLink, IPv6)
Age of AWS accounts
Limits in AWS

Avoid in Terraform
Non-sensitive arguments in CLI. Put them in tfvars ﬁle.
• -target
• -parallelism
Terraform workspaces => Separate directory
Dependency hell in modules

- [x] How to write modules
- [x] How to use modules
- [x] 1-in-1 much better over time
- [x] Orchestration = Terragrunt
- [x] Dynamic values in tfvars
- [ ] What is next?

Terraform 0.12
HCL2 — simpliﬁed syntax
Loops ("for")
Dynamic blocks ("for_each")
Correct operations of comparison (… ? … : …)
Extended types in variables
Templates in string values
Links between all resources everywhere (depends_on)
Read more — https://www.hashicorp.com/blog/terraform-0-1-2-preview

Summary
Write less and simpler — Terraform 0.12 will not ﬁx your code for you
Use existing modules and tools

cloudcraft.co features
Manage AWS components in browser (EC2 instances, autoscaling groups, RDS,
etc)
Connect components
Import live AWS infrastructure
Calculate the budget
Share link to a blueprint
Export as image
Embed drawing to wiki, Conﬂuence, etc

Infrastructure as code generator — from visual diagrams to Terraform

✓ cloudcraft.co — design, plan and visualize
✓ terraform-aws-modules — building blocks of AWS infrastructure
✓ Terraform — infrastructure as code

modules.tf notes
✓ Available for all users: https://cloudcraft.co/
✓ Generates potentially ready-to-use Terraform conﬁgurations
✓ Suits best for bootstrapping
✓ Enforces Terraform best practices
✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …)
✓ 100% free for all & open-source (https://github.com/antonbabenko/
modules.tf-lambda )
✓ Want to sponsor, or a sticker? Contact me.

Cloudcraft — the best way to draw AWS diagrams
cloudcraft.co

Thanks!
Questions?
In progress — www.terraform-best-practices.com
github.com/antonbabenko
twitter.com/antonbabenko

Terraform modules and (some of) best practices

More Related Content

What's hot (20)

Similar to Terraform modules and (some of) best practices (20)

More from Anton Babenko (11)

Recently uploaded (20)

Terraform modules and (some of) best practices