Terraform - bobbae/gcp GitHub Wiki

Terraform is a tool for building, changing, and versioning infrastructure. Terraform can manage existing a service providers as well as custom in-house solutions.

Cloud Foundation Toolkit

Google Cloud Foundation Toolkit supports Terraform as well as Google Cloud Deployment manager.

Infrastructure as Code

Infrastructure as Code is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Terraform's infrastructure-as-code (IAC) approach supports DevOps best practices for change management, letting you manage Terraform configuration files in source control to maintain an ideal provisioning state for testing and production environments.

Immutable infrastructure

The benefits of an immutable infrastructure include more consistency and reliability in your infrastructure and a simpler, more predictable deployment process.

HCL

https://www.terraform.io/docs/language/index.html

Defining and managing your development, test, staging, and production environments using infra-as-code tools such as Deployment Manager or Terraform is a common practice.

https://www.youtube.com/watch?v=3vfXQxWJazM

https://www.terraform.io/intro/index.html

Policy validation

https://cloud.google.com/docs/terraform/policy-validation

Terraform JSON support

https://www.terraform.io/docs/language/syntax/json.html

Module

A Terraform module is a set of Terraform configuration files in a single directory. Even a simple configuration consisting of a single directory with one or more .tf files is a module. When you run Terraform commands directly from such a directory, it is considered the root module. So in this sense, every Terraform configuration is part of a module.

https://registry.terraform.io/browse/modules

Using terraform with Google Cloud

https://cloud.google.com/docs/terraform

Importing resources from gcloud to Terraform

How to import manually created resources using gcloud into terraform?

https://teracloud.medium.com/google-cloud-importing-resources-from-the-gcloud-to-iaac-in-terraform-b25a05787144

Encoring Policy as Code using Atlantis

https://tech.loveholidays.com/enforcing-best-practice-on-self-serve-infrastructure-with-terraform-atlantis-and-policy-as-code-911f4f8c3e00

Selective deployment

https://github.com/GoogleCloudPlatform/professional-services/tree/main/examples/cloudbuild-selective-deployment

Extending terraform

Plugins

https://www.terraform.io/docs/extend/how-terraform-works.html

Custom Providers

https://www.terraform.io/docs/extend/hashicorp-provider-design-principles.html

Using terraform

https://www.digitalocean.com/community/tutorial_series/how-to-manage-infrastructure-with-terraform

Loops and conditions

https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9

Troubleshooting

https://learn.hashicorp.com/tutorials/terraform/troubleshooting-workflow

Mistakes

https://blog.pipetail.io/posts/2020-10-29-most-common-mistakes-terraform/

state

https://tryingthings.wordpress.com/2021/03/31/lessons-learned-after-losing-the-terraform-state-file/

https://medium.com/@moabu/oops-deleted-the-terraform-state-file-imported-the-resource-but-now-it-wants-to-recreate-it-1695e9b6e8

Pain points

https://adambrodziak.pl/terraform-is-terrible

Issues

https://www.schibsted.pl/blog/9-reasons-why-terraform-is-a-pain-and-1-why-you-should-still-care/

Debugging terraform

https://www.terraform.io/docs/internals/debugging.html

Debug a Terraform Provider

https://learn.hashicorp.com/tutorials/terraform/provider-debug

Getting Started on GCP with terraform

https://cloud.google.com/community/tutorials/getting-started-on-gcp-with-terraform

Managing infrastructure as code with Terraform, Cloud Build, and GitOps

https://cloud.google.com/solutions/managing-infrastructure-as-code

Hashicorp terraform on GCP tutorials

https://learn.hashicorp.com/collections/terraform/gcp-get-started#gcp

Provisioning Anthos clusters with Terraform

https://cloud.google.com/architecture/provisioning-anthos-clusters-with-terraform

Manage GCP projects with terraform

https://cloud.google.com/community/tutorials/managing-gcp-projects-with-terraform

Discuss whether the project is the right unit of delivery. There are resources that are bound to the projects. Is it wise to have a long-running project that must be kept alive for months or years? When can one delete such a project? Are there any resources that can only be removed when the project is removed? (Hint: dataflow jobs, Firestore database, scattered IAM service accounts, ... ). What does it mean to deliver terraform for resources inside a project? Should the unit of delivery be at a minimum the whole project?

https://github.com/GoogleCloudPlatform/community/tree/master/tutorials/managing-gcp-projects-with-terraform

Terraform, GKE, and network policy add-on

Problems that occur when there are too many layers of abstraction happening without considering affects that permeate through the layers and assumptions made in each layer.

https://blog.ml6.eu/how-proper-default-settings-can-save-money-and-trees-99783752d81c

Cloud Foundation terraform templates

https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/docs/terraform.md

Integrate GCP with Datadog using terraform

https://medium.com/sardineai/integrating-gcp-with-datadog-with-terraform-d88c5c65dc0a

Google Cloud security foundations guide

CFT Terraform modules can be composed to build a secure GCP foundation, following the Google Cloud security foundations guide .

https://github.com/terraform-google-modules/terraform-example-foundation

Tools

Infracost

https://Infracost.io

Terraformer

Reverse of terraform.

https://github.com/GoogleCloudPlatform/terraformer

Gcloud resource-config bulk-export

https://www.teracloud.io/single-post/google-cloud-importing-resources-from-the-gcloud-to-iaac-in-terraform

Bulk import and export of existing Google resources

https://cloud.google.com/config-connector/docs/how-to/import-export/bulk-export

Terracognita

https://github.com/cycloidio/terracognita

Terragrunt

https://terragrunt.gruntwork.io/

https://github.com/gruntwork-io/terragrunt

https://medium.com/bestmile/migrating-from-terraform-to-terragrunt-cf91f5d7a301

Terratest

https://github.com/gruntwork-io/terratest

Terraspace

https://terraspace.cloud/

Atlantis

Terraform pull request automation

https://www.runatlantis.io/

Env0

https://www.env0.com/

Spacelift

https://spacelift.io/

Terraform validator

https://github.com/GoogleCloudPlatform/terraform-validator

Terraform Validator tutorial

https://github.com/GoogleCloudPlatform/terraform-validator/blob/main/docs/tutorial.md

Terraform module generator

Scaffolding / Boilerplate generator for new Terraform module projects

https://github.com/sudokar/generator-tf-module

Chekov

Terraform static analysis tool.

https://github.com/bridgecrewio/checkov/

GitHub pre commit

https://github.com/antonbabenko/pre-commit-terraform

Bridegecrew

https://bridgecrew.io/

Snyk

https://support.snyk.io/hc/en-us/articles/360010916577-Scan-and-fix-security-issues-in-your-Terraform-files

Geodesic

https://github.com/cloudposse/geodesic

Deep source

https://deepsource.io/static-analysis/terraform/

Atmos

https://github.com/cloudposse/atmos

Cloud Custodian

https://github.com/cloud-custodian/cloud-custodian

Pulumi

https://www.pulumi.com/docs/intro/vs/terraform/

CDK

CDK (Cloud Development Kit) for Terraform allows developers to use familiar programming languages to define cloud infrastructure and provision it through Terraform.

https://cdk.dev/

https://github.com/hashicorp/terraform-cdk

https://learn.hashicorp.com/tutorials/terraform/cdktf

https://dev.to/michael_lin/deploy-infrastructure-using-cdk-for-terraform-with-go-28ne