Review "Terraform up and running" - lessons learned
Infrastructure as Code (IaC) has revolutionized the way we manage and deploy cloud infrastructure, making it more efficient, secure, and scalable. In this essay, I'll share my experience with IaC using Terraform, drawing from the insights gained from reading "Terraform up and running" by Yevgeniy Brikman.
As I planned my trip to China, I decided to utilize some of my free time to delve deeper into the world of Infrastructure as Code (IaC). To achieve this, I chose the book "Terraform up and running" by Yevgeniy Brikman.
My Experience with RapidStream
Prior to this, I had already gained experience in the realm of IaC while developing RapidStream, a multi-tenant B2B SaaS service in Azure. During this process, I employed the methodology "Learning by Doing" to set up our environments for the system.
The Book "Terraform up and running"
The book primarily focuses on automating deployments to make them more efficient and secure. It begins with the basics and covers all essential topics until it reaches a production-ready setup and test-driven infrastructure.
Key Takeaways
As I read through the book, I gained some interesting insights that I'd like to share:
- State Management: It's crucial to carefully consider where and how the Terraform state is managed. When it's remotely stored, ensure it's encrypted (since sensitive data is stored in plain text) and versioned (so you can roll back). However, never include the state file in your repository (as it contains sensitive data).
- Environments: It's recommended to separate environments using files rather than Terraform workspaces. If all environments are combined into a single file, you risk compromising the production system when making changes to the staging environment. Similarly, manage multiple regions separately (instead of using provider aliases). If an issue arises in one environment or region, you'll want to quickly modify the others.
- Refactoring: Like any code, IaC also requires refactoring to remain clean and understandable. Changes should be reviewed with the plan command. Before deleting a resource, create a new one (e.g., create a new load balancer before removing the old one). Use the move command to modify resources without causing significant disruption. Note that some resources are immutable and must be removed (rather than modified).
- Secret Management: There are various options for this, but a secret store appears suitable as an initial approach.
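To make the State Management point concrete, here is an added example (not taken from the book or from RapidStream) of a remote state bucket that is encrypted and versioned, plus a backend block that uses it. It assumes AWS S3 as the backend; the bucket name, region and state key are placeholders.

```hcl
# --- bootstrap/main.tf: creates the bucket that will hold remote state ---
# Bucket name and region are placeholders (assumptions, not from the review).
provider "aws" {
  region = "eu-central-1"
}

resource "aws_s3_bucket" "tf_state" {
  bucket = "example-org-terraform-state"

  lifecycle {
    prevent_destroy = true # guard against deleting all state by accident
  }
}

# Versioned: each state write keeps the previous object, so a rollback is possible.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypted at rest: the state file holds sensitive values in plain text.
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

# State must never be publicly readable.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- live/prod/backend.tf: a separate configuration that stores its state there ---
terraform {
  backend "s3" {
    bucket  = "example-org-terraform-state"
    key     = "prod/terraform.tfstate" # one key per environment
    region  = "eu-central-1"
    encrypt = true
  }
}
```

To keep local state out of the repository, add `*.tfstate`, `*.tfstate.*` and `.terraform/` to `.gitignore`.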
My Impression
The book provides good examples for these points, with a clear progression throughout the chapters, explaining why it's essential to address each topic. I was particularly impressed by the section on estimating, especially the mention of "Yak Shaving" after Seth Godin.
Conclusion
This book offers a great introduction to the world of Infrastructure as Code and is recommended for those just starting out. The sections on estimating and the hints about the Yak-Shaving Problem are particularly interesting.
If you need help setting up Infrastructure as Code or would like to, I'm here to assist – also in the name of my company konzentrik.