Terraform - Up and Running: Writing Infrastructure as Code

Product Information

If you want an other provider, you'll have to manage yourself and probably won't benefit **that much** from the book. I read the first edition of this book, so the terraform version is a little dated, making the exercises hard to follow at times. Also goes to show how fast terraform is evolving and not even yet hit the first leading major version, I.e., 0.* version only. The other challenge was also the intro of terragrunt, by the author, which made an entry and then disappeared later on, making it hard to follow the tutorial style text. The second ingredient is to strictly limit what the CI server can do once it has authenticated: for example, in the OIDC snippet above, you’ll want to severely limit the permissions in that IAM role. But then how do you handle the admin permissions you need to deploy arbitrary Terraform changes?

through code examples that you can try at home. You'll go from deploying a basic "Hello, World" Terraform Update the code to work with the current version of Terraform. Providers are now separated from the main repository and the way terraform init works has changed slightly.Secrets management: examples of using different types of secret management tools (e.g., Vault, KMS, etc) with Terraform. this is not a book that'll teach you devops best practices which is a plus in terms of book length. On hindsight, without the proliferation of cloud, it would hard to see IaC taking hold as the languages would be so fragmented across each infra built out. Even though you can find most of the information online in docs or online articles, in the book such information is well structured and complicated topics are brought one by one without overwhelming the reader with complexity. This book is more than enough to help you set up Terraform in your projects on a decent level and start using it in production.

Currently, this is the best introduction into Terraform that is on the market. It isn't perfect, but this book does a really good job at taking someone who has never installed Terraform or used it and getting them up to what I would call "intermediate" level of knowledge. I actually interviewed for several DevOps jobs that required Terraform experience by solely reading this book and following along with the tutorials. It covers all the main Terraform concepts and I was able to even impress my interviewers based off the knowledge from this book.The biggest opportunity that I take away from the book is thinking more about the structure of the TF files. I think the template presented here is pretty good, scalable and at least easier to digest than what I'm currently working on. And we also came to the conclusion that TF state should be broken up into smaller, independent chunks. So that's cool. You built a module and you want to use it several times—in a loop, essentially—without having to copy and paste the code. However, Terraform 0.12 and below didn’t support count or for_each on module. The solution Therefore, except for a few niche cases, I recommend the cloud native approach. This is also the approach that Terraform is designed for: you can use Terraform with multiple clouds, but you have to write separate code for each cloud, using the providers and resources native to that cloud. Therefore, even for multi-cloud deployments, it’s unusual to build a single Terraform module that deploys into multiple clouds (that is, uses multiple different providers in one module); it’s much more common to keep the code for each cloud in separate modules. support a large amount of traffic and a large team of developers—all in the span of just a few chapters. The code examples on Github are very clear, I found myself lost just following along in the book. I highly recommend that readers use the code examples while working through the book.

There are several ingredients to setting up a secure CI / CD pipeline for Terraform. The first ingredient is to handle credentials on your CI server securely. The 3rd edition of the book adds examples of using environment variables, IAM roles, and arguably the most secure option of all, OpenID Connect (OIDC). Chapter 6 includes an example of using OIDC with GitHub Actions to authenticate to AWS, via an IAM role, without having to manage any credentials at all: # Authenticate to AWS using OIDC

Table of contents

This is a two part blog post series. In the first part of the series (this blog post), I’ll go into detail on the following 5 problems and their solutions, based on snippets from the 3rd edition of the book: This hands-on-tutorial, now in its 3rd edition, not only teaches you DevOps principles, but also walks you

Transparent portability: With this approach, the idea is to try to use all the clouds as one unified computing platform, abstracting away all the differences between cloud providers to make it easier to migrate a workload from one cloud to the other. It's a pretty good book to get you started with Terraform. It provides great best practices for using Terraform in your company you couldn't find in one place anywhere else. One thing where I had hoped to get more out of is the "testing" chapter. I'm not sold on the presented approach. Or in other words: the approach presented here seems a lot of effort compared to what I'm currently working on which also works reasonably well (gitops + pre-prod env + terraform.io and inspecting the plan-output in Github PRs). To deploy into multiple clouds, you create multiple copies of different providers. Readers of the first two editions of this book often asked for examples of how to work with multiple clouds (e.g., AWS, Azure, GCP), but I struggled to find an example where it was practical to do this in a single module. Here’s why:

your infrastructure as code and to deploy and manage that infrastructure across a variety of public cloud In the second part of the series, which will come out when the final version of the 3rd edition is published ( Update, September 28, 2022: the 3rd edition is now published , and the second part of the blog post series is available !), I’ll cover 5 more problems and solutions, including input validation, refactoring, static analysis, policy enforcement, and maturity. Grab a copy of the book to get full access to all of this content! Multiple regions, accounts, and clouds The problem