By default, Terraform provisions 10 resources concurrently; to change this, use -parallelism=n on the plan, apply and destroy commands.
Terraform is an immutable, declarative, Infrastructure as Code provisioning tool.
IaC provides benefits:
- Can be versioned
- Can be shared
- Can be reused
The idempotent characteristic provided by IaC tools ensures that, even if the same code is applied multiple times, the result remains the same.
- Terraform is cloud agnostic
- Is entirely based on the state file
- Can manage infrastructure in various providers at the same time
- Resolves cross-cloud dependencies
Advantages:
- Platform Agnostic
- State Management
- Operator Confidence
- Configuration block:
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">=3.0"
    }
  }
}
To download new providers:
- Add a resource and run
terraform init
or
- Explicitly add the provider configuration and run
terraform init
Only constants are allowed inside the terraform block.
plugins directory path:
Windows %APPDATA%\terraform.d\plugins
All other systems ~/.terraform.d/plugins
CLI Configuration File (.terraformrc or terraform.rc)
The CLI configuration file configures per-user settings for CLI behaviors, which apply across all Terraform working directories. This is separate from your infrastructure configuration.
The location of the Terraform CLI configuration file can also be specified using the TF_CLI_CONFIG_FILE environment variable.
Provider Plugin Cache
Terraform optionally allows the use of a local directory as a shared plugin cache, which then allows each distinct plugin binary to be downloaded only once.
To enable it, set plugin_cache_dir in the CLI configuration file, or export TF_PLUGIN_CACHE_DIR.
Managing the cache directory is the user's responsibility.
Provisioners
Expressions in provisioner blocks cannot refer to their parent resource by name; they must use self to refer to their parent.
A destroy-time provisioner within a resource that is tainted will not run.
If you need to run provisioners that aren't directly associated with a specific resource, you can associate them with a null_resource.
Connection block can be used in resource and provisioner blocks.
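The provisioner rules above in one configuration, as an added example that is not part of the original notes. The resource names, AMI ID, key path and commands are placeholders, and null_resource assumes the hashicorp/null provider is installed by terraform init.

```hcl
resource "aws_instance" "web" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"
  key_name      = "example-key"           # placeholder key pair name

  # Resource-level connection block: shared by every remote provisioner below.
  connection {
    type        = "ssh"
    user        = "ec2-user"
    host        = self.public_ip # self, not aws_instance.web.public_ip
    private_key = file(pathexpand("~/.ssh/example-key.pem"))
  }

  # Creation-time provisioner (the default when "when" is not set).
  provisioner "remote-exec" {
    inline = ["echo provisioned ${self.id} > /tmp/provisioned"]
  }

  # Destroy-time provisioner: it can reference only self, count.index and
  # each.key, and it is skipped if the resource is tainted.
  provisioner "local-exec" {
    when    = destroy
    command = "echo destroying ${self.id}"
  }
}

# A provisioner that belongs to no single resource hangs off a null_resource.
resource "null_resource" "post_deploy" {
  triggers = {
    instance_id = aws_instance.web.id # re-run when the instance is replaced
  }

  provisioner "local-exec" {
    command = "echo instance ${self.triggers.instance_id} is ready"
  }
}
```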
Terraform OS availability:
- Windows
- Solaris
- Linux
- FreeBSD
- OpenBSD
- macOS
In workspaces, each workspace has a separate state file associated with it:
(...)/terraform.tfstate.d/workspace_name/terraform.tfstate
Logs
- Log path:
export TF_LOG_PATH='path/to/file'
- Log level:
export TF_LOG='LEVEL'
The most verbose log level is TRACE, and the output goes to stderr. Supported levels: TRACE, DEBUG, INFO, WARN and ERROR.
Unset logs:
unset TF_LOG
export TF_LOG=
Before importing an unmanaged resource into your state, it is necessary to write the code for it.
terraform import aws_instance.foo i-abcd1234
Resources can be imported into modules, and with count/for_each
terraform import module.foo.aws_instance.bar i-abcd1234
terraform import 'aws_instance.baz[0]' i-abcd1234
terraform import aws_instance.baz[\"example\"] i-abcd1234
A module cannot access its parent module's variables; hence, to pass variables to a child module, the calling module should pass specific values in the module block.
By default, Terraform will clone and use the default branch in the selected repository.
To specify a tag:
module "vpc" {
  source = "git::https://code.example.com/vpc?ref=v1.0"
}
The variables must be declared in the child module, and the values should be passed by the calling module in a tfvars file or on the CLI.
Everything that is accepted by the git checkout command is a valid ref.
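How the child declarations and the calling module block fit together, as an added example that is not part of the original notes. The file layout, variable names and values are assumptions; the module source is the one used above.

```hcl
# variables.tf in the vpc module repository (child module):
# every input the module accepts must be declared here.
variable "cidr_block" {
  type        = string
  description = "CIDR range for the VPC"
}

variable "name" {
  type    = string
  default = "example"
}

# main.tf in the vpc module repository (child module):
# only the var.* values declared above are visible, never the caller's variables.
resource "aws_vpc" "this" {
  cidr_block = var.cidr_block
  tags       = { Name = var.name }
}

# main.tf in the root (calling) module
variable "vpc_cidr" {
  type    = string
  default = "10.0.0.0/16"
}

module "vpc" {
  # ref pins the v1.0 tag; without it the default branch is cloned
  source = "git::https://code.example.com/vpc?ref=v1.0"

  cidr_block = var.vpc_cidr # root variable handed to the child explicitly
  name       = "prod"
}
```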
If the same variable is assigned multiple values, Terraform will use the last.
- Modules from a private registry
<hostname>/<namespace>/<name>/<provider>
e.g.:
app.terraform.io/example_corp/vpc/aws
Naming format for public modules:
terraform-<provider_name>-<module-name>
To download and update modules in root module you can:
terraform get
Precedence of variables (later sources override earlier ones):
- Env vars
- terraform.tfvars
- terraform.tfvars.json
- *.auto.tfvars or *.auto.tfvars.json
- -var or -var-file
To set an environment variable:
export TF_VAR_var_name=value
The workflow: Write > plan > apply
terraform refresh only modifies the state (and it's deprecated)
terraform show is used to provide a human-readable output from a state or plan file
Without a state file, every command fails except init
To unlock a state, run the command terraform force-unlock with the LockID prompted by Terraform.
- Partial backend configuration
  - Interactively: Terraform will prompt
  - File: configuration file specified via the init command. Use -backend-config=path
  - CLI: use init -backend-config="key=value"
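The three ways of completing a partial backend configuration, as an added example that is not part of the original notes. The s3 backend, bucket name, region, state key and the backend.hcl file name are assumptions chosen for illustration.

```hcl
# main.tf: the backend block omits bucket and region on purpose
# (partial configuration); the rest is supplied at init time.
terraform {
  backend "s3" {
    key = "network/terraform.tfstate"
  }
}

# backend.hcl: separate file holding the omitted arguments as key = value pairs
#   bucket = "example-state-bucket"
#   region = "us-east-1"
#
# File method:
#   terraform init -backend-config=backend.hcl
#
# CLI method (repeat the flag once per argument):
#   terraform init \
#     -backend-config="bucket=example-state-bucket" \
#     -backend-config="region=us-east-1"
#
# Interactive method: run plain "terraform init" and Terraform prompts for
# required values that are still missing.
```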
Standard backends:
- local (default)
- artifactory
- azurerm
- consul
- cos
- etcd
- etcdv3
- gcs
- http
- kubernetes
- manta
- oss
- pg
- s3
- swift
Automatic conversion types:
string <-> bool
list <-> tuple
map <-> object
Tuple and Map support different types at the same time.
Environment variables do not support List and map types.
Datasources are loaded during the plan.
Functions and dynamic blocks (and more):
ref: https://gist.github.com/edsoncelio/f516a1c66f0aee65f4a5e68f53a76caa
- parseint parses a string as an integer
parseint("100", 10)
100
Terraform Cloud | TF Cloud Free | TF Cloud Team And Governance | TF Cloud Business | OSS | Enterprise |
---|---|---|---|---|---|
Price | 0 (until 5 users) | Starting at $20 user/month | sales | 0 | sales |
Create and provision infrastructure | x | x | x | x | x |
Manage and share infrastructure | x | x | x | x | x |
Manage & enforce teams & policies (as code) | x | x | x | ||
SSO | x | x | |||
Audit | x | x | |||
Private Datacenter Networking | x | x | |||
Support for ServiceNow | x | x | |||
Additional concurrent runs | Option for 1 additional | custom | custom | ||
Support Community | x | x | x | x | |
Support bronze | x | x | x | ||
Support silver | x | x | |||
Support gold | x | x | |||
Self Hosted | x |
Post with topics to know. Be careful, some things are out of date.
A simulator that covers all content with questions at the same level as the real exam
A simulator that covers all the content with questions with a level slightly above the real exam