Overview

These are quick recap notes and troubleshooting steps. There’s much more to Terraform, but this covers the basics, getting started, and a short troubleshooting guide.

How does Terraform translate its resource definitions to the target cloud?

Terraform works via a ‘provider’ for each cloud platform. The provider translates the resource definitions in the .tf file to API calls (e.g. AWS API calls for the AWS provider). There are cases where certain features are only available in the AWS CLI and not via the API (such as enabling MFA on S3 buckets). In these rare cases, the default provider for AWS will not work.
The provider feature is what makes Terraform both cloud agnostic and super flexible.
For example, if you don’t like AWS CloudFront and want to use Cloudflare as your CDN on AWS, you simply plug in a Cloudflare Terraform provider. The same applies if you do not like Route 53 and want to use another DNS service. Here is a list of all the Terraform providers (they keep adding more)

Terraform planning and applying

After applying, Terraform maintains a snapshot of the state of resources it provisioned. This is stored in a .tfstate file and is used as the baseline for future plan and apply executions.

After a while of using Terraform, I realized that if I ever wanted to know if something had unintentionally changed in our infrastructure, I just needed to run plan and see if Terraform intended to do anything.

If anything was changed intentionally, then it would have been in the source code and Terraform would not plan to do anything. However, if anyone changed any part of our AWS infrastructure manually, Terraform’s plan would identify it and let us know.

In other words, if our AWS or GCP infrastructure drifted from its expected state, then Terraform’s plan would detect it.
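The drift check described above can be scripted with plan's `-detailed-exitcode` flag, which returns 0 when nothing would change, 1 on error and 2 when changes are pending. This is an added example, not code from the original post; the names `TF_BIN`, `classify_plan_rc` and `check_drift` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: scheduled drift check built on `terraform plan -detailed-exitcode`.
# Assumption: run it against the revision that was last applied, otherwise
# exit code 2 may reflect unapplied code changes rather than manual drift.

TF_BIN="${TF_BIN:-terraform}"   # assumption: terraform is on PATH; override to test

# Map the exit code of `plan -detailed-exitcode` to a verdict.
classify_plan_rc() {
  case "$1" in
    0) echo "in-sync" ;;   # state matches the configuration
    2) echo "drift" ;;     # plan succeeded and wants to change something
    *) echo "error" ;;     # plan itself failed (credentials, syntax, backend)
  esac
}

# Run a plan in directory $1, print the verdict, return plan's exit code.
check_drift() {
  dir="${1:-.}"
  # Plan output can contain sensitive values; mktemp creates the file mode 0600.
  log=$(mktemp) || return 1
  rc=0
  # `cd ... || exit 1` pins a failed cd to 1 so it is never mistaken for 2.
  ( cd "$dir" || exit 1
    "$TF_BIN" plan -detailed-exitcode -input=false -no-color ) >"$log" 2>&1 || rc=$?
  verdict=$(classify_plan_rc "$rc")
  if [ "$verdict" = "in-sync" ]; then
    rm -f "$log"
    echo "$verdict"
  else
    # Keep the log so the reviewer can see which resources changed.
    echo "$verdict (plan output: $log)"
  fi
  return "$rc"
}

# Entry point: sh drift.sh --run path/to/module
if [ "${1:-}" = "--run" ]; then
  check_drift "${2:-.}"
  exit $?
fi
```

A non-zero exit lets a CI job or cron wrapper alert on drift (2) separately from a broken plan (1).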

Local Setup with credentials (AWS , GCP Providers)

Google Provider (Download the JSON-formatted key for your service account from Google’s Console. That’s what account.json refers to. Keep this key file out of version control.)

provider "google" {
  credentials = file("account.json")
  project     = "my-project-id"
  region      = "us-central1"
}

AWS Provider

provider "aws" {
  version = "~> 2.0"
  region  = "us-east-1"
}

Validating, Planning and Applying

terraform validate

terraform plan

terraform apply

Formatting Code

The terraform fmt command rewrites Terraform configuration files to a canonical format and style.

Targeting Specific Resources instead of ALL Resources in your TF module

terraform apply -target=google_storage_bucket.my_storage_bucket

Troubleshooting Debugging

Terraform apply can fail without giving a meaningful reason. To see the underlying reason, you have to set the TF_LOG environment variable to DEBUG. On a Windows machine, fire up a PowerShell prompt to do so. On a Linux box, a bash prompt will do the same.

From a PowerShell prompt, type:

$env:TF_LOG="DEBUG"

Sometimes, your debug trace will show 'resource tainted'. To untaint tainted resources:

terraform untaint resourcename

String Concat

format("%s/%s",var.string,"string2")


Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.

Anuj Varma – who has written posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.