Demystifying Infrastructure-as-Code with Terraform

Unraveling the magic behind modern infrastructure management

9 min readApr 1, 2023

Infrastructure-as-Code (IaC) is a relatively new concept that has taken the IT industry by storm. It’s a practice that simplifies the deployment and management of infrastructure by treating it as code. In this article, I will break down the concept of IaC, and guide you through a simple Terraform tutorial. No prior coding knowledge required.

What is Infrastructure-as-code?

Before we dive into IaC, let’s first define what infrastructure means in the context of technology. Infrastructure refers to the underlying components and systems that support software applications, such as servers, databases, networks, and storage devices. These components need to be provisioned, configured, and maintained for an application to run properly.

Traditionally, infrastructure was managed manually. This meant that every time a new server or database was needed, an IT team member would manually set it up and configure it. This process was time-consuming, error-prone, and difficult to reproduce consistently. Moreover, with the rapid expansion of cloud ecosystems and the thousands of cloud resources available, managing infrastructure has become increasingly overwhelming for organizations.

IaC is a solution to this problem. It involves writing code that defines the infrastructure components and their configuration. This code can then be version-controlled and managed like any other software code. When changes are needed, the code is updated, and the infrastructure is automatically provisioned and configured to match the updated code.

Tools and Technologies for IaC

There are numerous IaC tools available, each with its unique set of features, strengths, and target use cases. While cloud-native tools like AWS CloudFormation, Azure Resource Manager, and Google Cloud Deployment Manager are designed specifically for their respective cloud platforms, other IaC tools offer broader capabilities and compatibility.

Terraform is known for its multi-cloud support and declarative language. It allows you to define the desired end state of your infrastructure, and the tool provisions the resources accordingly. Ansible, on the other hand, is an agentless automation tool that excels at configuration management and application deployment. Its playbooks, written in YAML, outline the necessary steps to achieve the desired infrastructure state.

Other IaC tools, such as Puppet and Chef, focus on configuration management and automation. Puppet employs a declarative language and a master-agent architecture, while Chef uses Ruby-based DSL (Domain Specific Language) and follows a client-server model. Both tools have a strong emphasis on enforcing desired configurations and automating repetitive tasks across multiple systems.

Terraform in Action — Hands On

In the following section, we will meticulously examine the process of provisioning a Storage Account in Microsoft Azure utilizing Terraform. Each code block will be explained thoroughly to ensure a comprehensive understanding of their respective functions. By the conclusion of this demonstration, the goal is to equip you with a solid grasp of Terraform’s inner workings, empowering you to confidently provision your own cloud resources.

Prerequisites:
Terraform installed on your machine. You can download it from https://www.terraform.io/downloads.html.
An Azure account with an active subscription. Sign up for a free account at https://azure.microsoft.com/en-us/free/.
Azure CLI installed on your machine. Download it from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli.

Step 1: Authenticate with Azure

Before we begin, ensure you are authenticated with Azure using the Azure CLI. Run the following command in your terminal or command prompt:

az login

Subsequently, if you have multiple subscriptions under your account, you can set the subscription with the following command:

az account set --subscription <your-subscription-ID>

Step 2: Create a Terraform configuration file

Create a new directory for your Terraform project and navigate to it in your terminal or command prompt. Then, create a new file named main.tf in the directory and open it in a text editor.

Step 3: Declare the AzureRM provider

Add the following code to your main.tf file to declare and configure the AzureRM provider:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

In this case, the Terraform provider azurerm is specifically designed for managing Microsoft Azure resources. Terraform providers are plugins that allow Terraform to interact with various services and APIs. They enable you to create, modify, and manage resources on different platforms, such as cloud providers or on-premises systems.

Each provider comes with a set of resource types and configurations specific to the platform it supports. When you write a Terraform configuration file, you declare which providers you want to use and configure their settings accordingly.

In essence, providers act as a bridge between Terraform and the target platform. They translate the declarative configuration language (HCL) used in Terraform files into API calls that the platform understands. This enables you to manage resources across a wide range of platforms using a consistent, unified approach.

Step 4: Define the Azure Resource Group

Add the following code block to your main.tf file to define an Azure Resource Group:

resource "azurerm_resource_group" "resource-group" {
  name     = "azure-resource-group"
  location = "Southeast Asia"
}

Azure Resource Groups are logical containers for resources that are deployed within an Azure subscription. They provide a way to organize, manage, and monitor resources based on their relationship and association with each other. In Azure, most resources must reside in a Resource Group.

Step 5: Define the Azure Storage Account

Add the following code block to your main.tf file to define the Azure Storage Account:

resource "azurerm_storage_account" "storage-account" {
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.resource-group.name
  location                 = azurerm_resource_group.resource-group.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
  tags = {
    environment = "development"
  }
}

Azure Storage Accounts are a scalable cloud storage service provided by Microsoft Azure. They offer various storage options for different types of data, including Blob Storage (for unstructured data), and File Storage (for file shares). Storage Accounts are essential for managing and storing data in the Azure cloud platform.

In this example, the storage account is configured to reside within the previously created Resource Group (azure-resource-group). This is achieved by referencing the resource_group_name and location variables directly from the resource group code block. By doing so, you ensure that the storage account remains associated with the correct resource group, even if the resource group's name changes in the future. This approach streamlines the process and minimizes the risk of errors arising from manual updates.

In this example, I demonstrate the creation of a basic storage account. However, it is important to note that in real-world scenarios, there are more than 50 parameters that can be passed into the code block to fine-tune the storage account’s settings. A comprehensive list of these parameters can be found within the official Terraform documentation, providing you with the flexibility to configure the storage account to your precise requirements.

Step 6: Initialize the Terraform configuration

In your terminal or command prompt, run the following command to initialize Terraform:

terraform init

The output of the `terraform init` command.

The terraform init command is a crucial first step in the Terraform workflow. It initializes a Terraform working directory by performing several essential tasks, which are explained in depth below:

Backend initialization: Terraform stores the state of your infrastructure in a backend, which can be local (default) or remote. The init command configures the chosen backend according to the settings specified in your Terraform configuration. This enables Terraform to store and retrieve the state of your resources consistently, regardless of the backend you choose.
Provider plugin installation: As mentioned previously, Terraform relies on provider plugins to manage and interact with various infrastructure platforms, such as cloud providers and on-premises systems. The terraform init command downloads and installs the required provider plugins based on the providers declared in your Terraform configuration. It ensures that the appropriate provider versions are installed, and if not, downloads them from the Terraform Registry or other specified sources.
Terraform settings validation: During the initialization process, terraform init also validates your Terraform configuration settings. It checks for any syntax errors, missing provider configurations, and other issues that might prevent the successful execution of subsequent Terraform commands.
Creation of the .terraform directory: The init command creates a hidden .terraform directory within the Terraform working directory. This directory stores the provider plugins, backend configuration, and other essential data required for managing your infrastructure. It is crucial not to modify or delete this directory manually, as it might lead to unexpected behavior or loss of infrastructure state data.

Step 6: Generate a Plan

Run the following command in your terminal:

terraform plan

This command generates an execution plan, which is a preview of the changes Terraform will make to your infrastructure based on your configuration. The plan outlines the resources to be created, modified, or destroyed, allowing you to review and verify the changes before applying them. It helps you catch potential issues and ensure that the changes align with your intentions.

Some main ouputs of the `terraform plan` command

Step 6: Apply the changes

After the initialization is complete, run the following command to apply the Terraform configuration:

terraform apply

This command executes the changes proposed in the execution plan, creating, updating, or deleting the infrastructure resources as specified in your configuration. When you run terraform apply, Terraform prompts you to confirm that you want to proceed with the changes, giving you one final opportunity to review the plan before it is applied. Once confirmed, Terraform makes the necessary API calls to the infrastructure provider to implement the changes.

Step 6: Clean Up

terraform destroy

This command removes all the resources defined in your Terraform configuration. It is particularly useful when you want to decommission your infrastructure or clean up resources after testing or development. Like the apply command, terraform destroy requires confirmation before proceeding to ensure you don't accidentally delete critical resources.

More on Terraform

Terraform offers numerous features and benefits that make it an attractive choice for managing infrastructure:

Idempotency: Terraform’s idempotent nature ensures that applying the same configuration multiple times results in the same infrastructure state. In the context of our tutorial, re-running terraform apply will not create additional Resource Groups or Storage Accounts, nor will it modify the existing ones, unless the configuration changes. This ensures consistency and prevents unintended alterations to your infrastructure.
Declarative language: Terraform uses a declarative language (HashiCorp Configuration Language, or HCL) that allows you to describe the desired end state of your infrastructure. This approach simplifies the configuration process and abstracts the complexity of interacting with different infrastructure providers.
Modularity and reusability: Terraform allows you to create reusable modules that encapsulate common infrastructure components. This promotes the efficient reuse of code, reduces duplication, and simplifies maintenance.
Version control and collaboration: Terraform configurations can be stored in version control systems (e.g., Git), enabling collaboration among team members, tracking changes, and maintaining a history of your infrastructure. Additionally, Terraform Cloud and Terraform Enterprise offer advanced features for collaboration, remote state management, and access control.

Conclusion

I hope this tutorial has provided you with a solid foundation in Terraform, empowering you to effectively create and manage infrastructure resources across a variety of platforms. By understanding the core concepts and principles, you are now better equipped to harness the potential of IaC and Terraform in your own projects. As you continue to explore these tools and methodologies, you’ll undoubtedly appreciate the value they bring in terms of consistency, efficiency, and adaptability, allowing you to confidently navigate and manage the ever-evolving landscape of modern infrastructure.