Announcing Coherence 2.0 and CNC, the first open source IaC framework
All posts

Terraform Infra Basics for Cloud Management

Learn the basics of Terraform for cloud management, including infrastructure as code, core concepts, setting up, real-world applications, and advanced features. Explore how Terraform compares to other IaC tools and its benefits for managing

Zan Faruqui
May 16, 2023

Managing a cloud infrastructure can be complex and time-consuming, but Terraform infra makes it easier by automating and managing everything through code. Here's a quick overview of what you need to know about Terraform:

  • What is Terraform? A tool that lets you manage cloud infrastructure using configuration files.

  • Benefits: Automation, version control, validation, and multi-cloud support.

  • Core Concepts: Providers, resources, modules, state management, and workspaces.

  • Setting Up: Simple setup on Windows, Linux, and macOS, with specific steps for AWS and GCP authentication.

  • Real-World Applications: Used across various industries like financial services, retail, media, and startups for efficient cloud management.

Terraform offers a structured approach to cloud management, making it a preferred choice for businesses looking to streamline their operations and manage infrastructure more effectively.

Understanding Infrastructure as Code (IaC)

Infrastructure as Code (IaC) is all about managing your computer networks and storage systems through files that a computer can read, instead of setting up physical hardware by hand. Think of it like this: instead of building and tweaking things manually, you write down in a special file exactly how you want your tech setup to look. This file then acts as a master plan, telling computers how to set everything up automatically.

Some key benefits of using IaC include:

Improved Efficiency

  • You can set up and change your tech stuff quickly by running some code, skipping over the slow, manual steps. This means you can get your projects up and running faster.

  • Making changes to your setup is easier too. Since everything is written down like a recipe, you can update your files and reapply them to keep everything up-to-date without much fuss.

Consistency and Repeatability

  • IaC helps keep everything running the same way by cutting down on manual mistakes. If someone sets things up by hand, they might miss a step or do something differently each time. IaC keeps this from happening.

  • You can also easily make copies of your setup in different places, like for testing or going live, just by using the same instructions. This makes it easier to manage different versions of your project.

By treating the setup of your tech environment like any other piece of code, IaC makes it possible to automate, speed up, and make your infrastructure more reliable. Tools like Terraform are great for this because they're designed to help you use IaC effectively.

What is Terraform?


Terraform is a tool that lets you set up and manage your tech stuff like servers and databases without having to do it all by hand. It's made by a company called HashiCorp and is free for anyone to use. Here's what makes Terraform stand out:

  • Works Everywhere: Whether you're using Amazon's AWS, Microsoft's Azure, Google's Cloud (GCP), or just your own stuff, Terraform can handle it. This means you can manage everything in one place.

  • Plan Before You Do: Terraform shows you what will happen before it makes any changes. This way, you can make sure everything goes as planned.

  • Handles All Steps: From starting up a new server to taking it down when it's no longer needed, Terraform manages the whole life of your tech setup. You tell it what you want through simple files, and it does the rest.

  • Keeps Track of Everything: Terraform remembers what your setup looks like. This helps avoid surprises as you make changes over time.

  • Community Support: Lots of people use and improve Terraform. You can find extra tools and help from this community.

In short, Terraform makes managing your tech resources easier, cheaper, and less likely to mess up.

Terraform Architecture

Terraform is built around a few key parts:

  • Configuration Files: These are simple text files (.tf) where you write down what you want your tech setup to look like, using a special language called HCL.

  • Terraform Engine: This is the brain of Terraform. It reads your files and figures out what needs to be done to make your setup match what you've written.

  • Providers: These are plugins that let Terraform talk to different tech services like AWS or Google Cloud, so it can set up and manage things there.

  • State Data: Terraform keeps a record of your setup so it can track changes and make sure everything is how it should be.

  • Plugins: These are extra tools made by the community that add more features to Terraform.

This setup helps Terraform manage your tech stuff smartly and keep everything running smoothly.

Why Use Terraform?


Here's why Terraform is a good choice for managing your tech setup:

  • It turns your infrastructure into code. This means you can handle your tech setup more like how you manage software.

  • It makes managing tech resources faster and less of a headache.

  • Everything stays consistent and repeatable, which means fewer mistakes.

  • It's easier for teams to work together when everyone can see and use the same setup instructions.

  • You can manage stuff across different cloud services and even mix different types of environments.

  • Changes are safer because Terraform checks everything before doing it.

  • You can use tools and resources created by others to do even more with Terraform.

Basically, Terraform helps you manage your tech resources in a smart, efficient way, making life easier for everyone involved.


Core Concepts of Terraform

Terraform uses a bunch of important ideas to help you manage your cloud stuff. These include providers, resources, modules, state management, and workspaces.


Providers are like bridges that let Terraform talk to different cloud services, such as AWS, Azure, GCP, and Kubernetes. They deal with all the technical chat with these services and let you use their features in a simple way.

Here's what you should know about providers:

  • They're like add-ons for Terraform, making it easy to connect to different clouds or tech tools.

  • You can mix and match providers in one Terraform setup.

  • Providers make using different cloud services feel similar, so you don't have to learn new tricks for each one.

  • There are loads of providers for all the big cloud names and other tech tools.

For instance, if you're using AWS, you'd use the AWS provider. It takes care of all the complicated AWS stuff, letting you set up things like web servers and storage without needing to be an AWS expert.

State Management


Terraform keeps track of your setup in something called a state. This is like a blueprint of what your cloud setup looks like at any moment.

Here's why state is important:

  • You can store this state info somewhere safe where your team can all see it, which is great for working together.

  • It remembers all the technical details and relationships between your cloud resources.

  • You can bring in stuff you've already set up into Terraform's view.

  • It checks if someone else made changes outside of Terraform to keep things consistent.

  • Keeping different versions of your state can help you manage changes safely.

Using a remote place to keep your state, like an S3 bucket, is smart when you're working in a team. It means everyone can see the same info and you can stop people from making changes that clash.


Modules let you package up parts of your cloud setup so you can use them again easily. They help with:

  • Simplicity - Keep the complicated bits hidden inside modules.

  • Reuse - Use the same setup parts in different projects.

  • Keeping things tidy - Modules look after their own bit of the cloud.

  • Organization - Break your setup into manageable chunks.

You might have a module for setting up a network, including things like subnets and routing. This makes it easy to plug that network setup into any project.


Workspaces are like separate folders for different versions of your cloud setup. They each have their own settings and track their own changes. You can use them for:

  • Different stages - Like having a draft, a test version, and a final version.

  • Different teams - Each team can have their own workspace so they don't mess with each other's stuff.

  • Testing new ideas - Try out changes without affecting the main setup.

With workspaces, you can keep your test experiments separate from your real, live cloud setup, making it safer to try new things.

Setting Up Terraform

Getting Terraform up and running is pretty simple. Here's a step-by-step guide to help you start:


Terraform works on Windows, Linux, and macOS. Here's how to install it:

  • Windows: Go to Terraform's downloads page and get the 64-bit .exe file. Run the downloaded file, and it'll install Terraform in C:\Program Files\Terraform.

  • Linux: If you're using a Linux system, you can install Terraform using your package manager. For those on Debian/Ubuntu:

sudo apt-get update && sudo apt-get install terraform

And for people using RHEL/CentOS:

sudo yum install terraform
  • macOS: If you're on a Mac, the easiest way is through Homebrew:
brew install terraform

After installing, type terraform -v in your terminal to make sure it's installed properly by checking the version number.


Terraform needs the right access to manage things on cloud platforms like AWS and GCP. Here's how to set it up:

For AWS, you'll need to create a user in IAM (which is a way to manage access on AWS) with the ability to access things programmatically. Then, give this user permissions to manage the resources you want Terraform to handle. After that, you'll need to set up some environment variables with your access keys:

export AWS_ACCESS_KEY_ID="accesskey"
export AWS_SECRET_ACCESS_KEY="secretkey"

For GCP (Google Cloud Platform), you create a service account, which is like a special user for applications, and give it the permissions it needs. Download a JSON key for this account and tell your system where it is:

export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"

Once you've got your credentials sorted, Terraform can start setting up your infrastructure on different cloud services and accounts.

Writing Your First Terraform Configuration

AWS Example

Here's a straightforward way to use Terraform for setting up some basic stuff on AWS (Amazon Web Services):

Configure the AWS provider

provider "aws" { region = "us-east-1" }

Create a VPC

resource "aws_vpc" "example" { cidr_block = ""

tags = { Name = "terraform-example-vpc" } }

Create public subnets

resource "aws_subnet" "public" { vpc_id = cidr_block = ""

tags = { Name = "Public Subnet" } }

Create an internet gateway

resource "aws_internet_gateway" "gw" { vpc_id = }

Create a route table

resource "aws_route_table" "public" { vpc_id =

route { cidr_block = "" gateway_id = } }

Associate the route table with the public subnet

resource "aws_route_table_association" "public" { subnet_id = route_table_id = }

Create a security group

resource "aws_security_group" "web" { name = "allow_web_traffic" description = "Allow inbound web traffic" vpc_id =

ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = [""] }

egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = [""] } }

Create an EC2 instance

resource "aws_instance" "web" { ami = "ami-0c55b159cbfafe1f0" instance_type = "t2.micro"

subnet_id = vpc_security_group_ids = [] associate_public_ip_address = true

tags = { Name = "terraform-example-instance" } }

This setup includes:

- A network (VPC) with a public area (subnet)
- An internet doorway (gateway) and a directions list (route table) for public web access
- A rule book (security group) that lets in web visits (HTTP traffic)
- A computer (EC2 instance) in the public area for running your website or app

To get this up and running, you type these commands:

terraform init terraform plan terraform apply

And to take it all down when you're done:

terraform destroy

### GCP Example 

And here's how you'd set up something similar on GCP (Google Cloud Platform):

Configure the GCP provider

provider "google" { project = "my-gcp-project" region = "us-central1" }

Create a VPC network

resource "google_compute_network" "vpc" { name = "terraform-network" }

Create public subnet

resource "google_compute_subnetwork" "public" { name = "public-subnet" network = google_compute_network.vpc.self_link ip_cidr_range = "" region = "us-central1" }

Create firewall rule

resource "google_compute_firewall" "http" { name = "terraform-firewall" network =

allow { protocol = "tcp" ports = ["80"] }

source_ranges = [""] }

Create GCE VM instance

resource "google_compute_instance" "vm" { name = "terraform-instance" machine_type = "f1-micro" zone = "us-central1-a"

boot_disk { initialize_params { image = "debian-cloud/debian-9" } }

network_interface { subnetwork = google_compute_subnetwork.public.self_link

access_config {
  # Allocate public IP

} }

This configuration sets up a network and a virtual machine on GCP, similar to the AWS setup. You manage it the same way with Terraform's plan, apply, and destroy commands.

## Advanced Terraform Features

### Modules

Modules in Terraform help you organize your cloud setup into smaller, reusable pieces. Think of a module like a Lego set that contains everything you need to build a specific part of your project, like a network or a server setup. You can use these modules over and over in different projects or share them with others.

Why modules are handy:

- **Encapsulation** - They keep the nitty-gritty details hidden, so you don't have to worry about them.
- **Reusability** - You can use the same setup in multiple places without rewriting code.
- **Organization** - They help you keep your project neat [and]( tidy by grouping related [resources]( together.
- **DRY principle** - This stands for Don't Repeat Yourself. By creating a module, you write your code once and then reuse it wherever needed.

Modules can be:

- **Local modules** - These are modules you create and use within your own project.
- **Public modules** - These are modules that anyone has shared for others to use, and you can find them on the [Terraform Registry](

To use a module, you add a bit of code to your Terraform file that looks like this:

module "vpc" { source = "./modules/vpc"

name = "my-vpc" cidr = "" }

This tells Terraform to use the VPC module you've specified, and you can pass in details like the name and network range.

### Terraform Cloud

[Terraform Cloud]( is a service from HashiCorp that makes it easier for teams to work together on Terraform projects. It offers features like:

- **State management** - Keeps track of your project's current setup in a safe, shared place.
- **Access controls** - Lets you decide who can do what in your Terraform projects.
- **Policy enforcement** - Helps make sure your projects follow the rules and standards you set.
- **Notifications** - Sends updates about your Terraform project's status.
- **Private module registry** - A place for your team to store and share your own modules.
- **API-driven runs** - Allows you to run Terraform commands through an API instead of just the command line.

Terraform Cloud is all about making it easier to manage your projects, especially when you're working in a team. It helps keep everything organized and running smoothly, making sure everyone's following the rules and keeping things consistent.

## Best Practices for Terraform

### Code Structure

When you're setting up your Terraform to handle lots of tasks across different areas, it's key to keep your code easy to work with. Here's how:

- **Modular architecture** - Split your setup into smaller parts that can be used again and again. Think of making separate pieces for network stuff, computer stuff, storage, and so on.
- **Standard module structure** - Make sure each module looks similar: they should have variables, resources, and outputs. This makes it easier to find your way around.
- **Environments as workspaces** - Use Terraform workspaces to manage different settings like dev, test, prod. Keep the specific settings for each in their own files.
- **Remote state storage** - It's better to store your Terraform info online instead of on your computer. This helps everyone stay on the same page.
- **Naming conventions** - Decide on a way to name your resources and stick to it. This makes it clearer, especially when your setup gets big.
- **Comments** - Write notes to explain what different parts do. This helps others (and you) understand better.

### Security

Keeping things secure with Terraform means:

- **Least privilege** - Only give the least amount of access needed to roles and accounts. Cut off access that's not needed to keep things tight.
- **Sensitive data** - Don't put secrets in your files without encryption. Use a secure place to keep them instead.
- **Change validation** - Have someone else look over changes before they're made. This helps catch problems early.
- **Automated testing** - Set up tests to check for security issues or mistakes after you make changes.
- **Policy enforcement** - Stick to rules that make sure your setup meets security standards.
- **Logging and monitoring** - Keep an eye on what's happening with your Terraform and cloud services. Alert for anything odd.

Following these steps helps keep your cloud setup safe and sound from unwanted changes or access.

## Terraform Compared to Other IaC Tools

Terraform is different from other tools that help manage cloud stuff because it has some unique features. Let's look at how it stacks up against others like AWS CloudFormation, Ansible, and Chef:

**Comparison Table**

| Feature | Terraform | CloudFormation | Ansible | Chef |
| --- | --- | --- | --- | --- |
| Multi-Cloud Support | Yes | AWS-only | Yes | Yes |
| State Management | Yes | No  | No  | Yes |
| Declarative vs Imperative | Declarative | Declarative | Imperative | Imperative |

### Multi-Cloud Support

Terraform is really good because it works with lots of different cloud services, not just one. This means you can manage stuff on AWS, Azure, GCP, and even in your own data centers with the same set of tools. On the other hand, CloudFormation is only for AWS.

Using Terraform makes it easier to handle everything in one place, even if you're using different cloud providers. You get to use the same language (the HCL language) and ways of doing things no matter where your stuff is.

### State Management

Terraform keeps track of all the cloud things you set up, like a list of what's running and how it's all connected. This helps you see what changes will happen before you make them and bring in stuff that's already running.

Ansible and CloudFormation don't keep track of things this way, which can make it harder to manage everything as it gets bigger.

For teams using Terraform, it's a good idea to store this list somewhere everyone can see it, like in a [remote state]( This helps everyone know what's going on.

### Declarative vs Imperative Style

Terraform and CloudFormation tell the cloud what you want the end result to be, like saying, "I want a server with these features." You don't need to worry about every single step to get there; the tool figures it out.

Ansible and Chef, though, are more like giving step-by-step instructions. They tell the cloud, "First do this, then do that." This way can take more time because you need to think through each step.

In short, Terraform's ability to work with lots of clouds, its way of keeping track of your cloud setup, and its simpler way of setting things up make it a top choice for managing cloud infrastructure. It's especially good because of the big community around it and how you can customize it with different providers.

## Real-World Applications

Terraform is a tool that lots of different companies use to make managing their online setups easier and more efficient. It works for all kinds of businesses, helping them handle everything from their websites to their apps. Here are some examples of how businesses use Terraform in the real world:

### Financial Services

Big banks rely on Terraform to quickly set up the tech they need for their trading apps, especially when the stock market changes fast.

- Standard Chartered uses Terraform to automatically set up trading tech across different AWS accounts, helping them launch new services faster.

- JPMorgan Chase uses Terraform to make sure that when they set up tech on AWS and Azure, it meets all their security and compliance rules.

### Retail and Ecommerce

Online shops use Terraform to make sure their websites can handle lots of visitors, especially when they're selling things across different cloud services.

- Zalando uses Terraform to manage their online store on both AWS and Google Cloud, making sure everything runs smoothly no matter where it is.

- Under Armour shifts their online store between AWS and Azure with Terraform, depending on which is cheaper or works better, especially when lots of people are shopping at once.

### Media and Gaming

Companies that stream videos or make games use Terraform to quickly get their content to people all over the world.

- Twitch sets up the tech for live streaming around the world using Terraform, making sure everyone can watch videos without problems.

- uses Terraform to quickly set up editing software for videos, helping them grow as more people use their service.

- Epic Games uses Terraform to make sure Fortnite's online game runs well on AWS, especially when lots of people are playing or they release something new.

### Startups

New companies like using Terraform because it helps them get started quickly and grow without having to worry too much about their online tech.

- Fivetran started using Terraform when they were just beginning and now manage their tech for over 1,000 customers with it.
- Starburst Data, a company that analyzes data, says Terraform helped them grow fast because their small team could focus on making their product better instead of setting up cloud services.

In short, Terraform is a big help for companies who want to move fast, be more productive, and handle their online tech across different cloud services without too much hassle.

## Learning Resources

Here are some helpful places to learn more about Terraform, including guides, forums, and resources for cloud stuff.

### Terraform Documentation

The [official HashiCorp Terraform documentation]( is a great place to start. It has everything from beginner [guides]( to detailed info on how Terraform works.

Key documentation resources:

- [Intro to Terraform]( - A quick overview and beginner's guide to using Terraform
- [Configuration Language]( - A guide to understanding Terraform's language, HCL
- [Provider Documentation]( - Info on how to use Terraform with different cloud platforms like AWS, Azure, GCP, and more.

### [HashiCorp]( Learn Platform


HashiCorp has a bunch of free online courses at [HashiCorp Learn]( to help you get better at using Terraform.

Key courses:

- [Terraform Associate Certification Prep]( - Practice tests and study guides for getting Terraform certified
- [Production-Ready Terraform]( - Tips on how to use Terraform for real projects
- [Multi-Cloud Automation]( - How to manage stuff across different cloud services like AWS, Azure, and GCP with Terraform

## Conclusion

Terraform has really changed the game for how teams handle all the tech stuff in the cloud. Think of it like making your infrastructure (all your tech needs) into a set of instructions that you can easily update, share, and keep track of.

Here's a quick rundown of the main points we talked about:

- **Infrastructure as Code (IaC)** - With Terraform, you can write down how you want your tech setup to be in a clear, versioned, and shared way.
- **Execution Plans** - Terraform lets you see what changes it will make before it makes them. This means you can be sure things will go as planned.
- **Resource Graph** - It helps you see how different parts of your tech setup depend on each other.
- **State** - Terraform keeps a record of your setup to help manage changes over time.
- **Workspaces** - You can manage different versions of your setup for different purposes, like testing or live production, separately.
- **[Modules](** - These are like building blocks for your tech setup that you can reuse and share, making things more organized and consistent.

Looking ahead, Terraform is getting even better at helping developers manage infrastructure with new tools for checking rules, estimating costs, and more.

As more businesses move to the cloud, Terraform's ability to work with different cloud services and manage everything in one place makes it a great choice. Plus, being open source means it's less likely you'll get stuck with one vendor.

If you're keen to learn more about Terraform and how to manage cloud tech, check out the [learning resources](#learning-resources) section. And if you have questions, feel free to tweet me at [@myhandle]( Happy terraforming!

## Related Questions

### How does Terraform Cloud help manage infrastructure?

Terraform Cloud gives you a shared space to keep track of your Terraform projects. It organizes your work into workspaces, which you can think of as folders for different projects or environments like development, testing, and production.

Key benefits include:

- **Centralized state storage** - Keeps everyone on the same page about your infrastructure.
- **Access controls** - Lets you decide who can see or change your infrastructure setup.
- **Policy enforcement** - Helps you follow rules for security and compliance.
- **Notifications** - Sends you updates when something changes.
- **Private module registry** - A place to keep and share bits of code you use a lot.

### How do I set up AWS infrastructure with Terraform?

- Make sure Terraform can access AWS by setting up a credentials file.
- Download Terraform and tell it you're using AWS.
- Write your setup code - things like networks, places for your data, and computers.
- Get Terraform ready with `terraform init`.
- See what will happen with `terraform plan`.
- Make it happen with `terraform apply`.
- Clean up when you're done with `terraform destroy`.

### What does Terraform do in the cloud?

Terraform helps you set up and change your cloud setup using code. It works with different cloud platforms like AWS, Azure, and GCP through something called providers.


- **Infrastructure as Code** - You manage everything in files, not by hand.
- **Multi-cloud** - One tool for different cloud services.
- **Automation** - Makes setting up and changing things faster.
- **Consistency** - Less chance of mistakes.
- **Testing** - Easier to try out changes.

### How do you handle existing infrastructure with Terraform?

To bring current setups under Terraform's control:

- Get Terraform and set it up for your cloud service.
- Use `terraform import` to bring in resources you're already using.
- Write your Terraform code to match what you already have set up.
- Apply your code to make sure Terraform and your actual setup match.

This way, you can start managing things with Terraform without messing up what's already there.

Related posts