Infrastructure as Code with Terraform

A complete guide to managing your cloud infrastructure with code, from core concepts to production best practices.

What is Infrastructure as Code (IaC)?

Infrastructure as Code (IaC) is the practice of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. In simpler terms, it means defining your servers, networks, databases, and other infrastructure components in code, just like you would with an application.

This approach brings the benefits of software development—like version control, automated testing, and CI/CD—to infrastructure management.

Why is IaC a Cornerstone of DevOps?

  • Speed and Automation: Spin up entire production-ready environments in minutes, not days.
  • Consistency: Eliminate "configuration drift" by ensuring that every environment (dev, staging, prod) is identical.
  • Version Control: Track every change to your infrastructure in Git, providing a full audit trail and the ability to roll back changes.
  • Collaboration: Teams can collaborate on infrastructure changes through pull requests, just like application code.

Introducing Terraform

Terraform by HashiCorp is the industry-leading open-source tool for building, changing, and versioning infrastructure safely and efficiently. It uses a declarative configuration language called HCL (HashiCorp Configuration Language) to describe your desired infrastructure state.

How Terraform Works: Core Concepts

  • Providers: Plugins that allow Terraform to interact with cloud providers (like AWS, Azure, GCP), SaaS providers, and other APIs.
  • Resources: The building blocks of your infrastructure. A resource might be a virtual machine, an S3 bucket, or a DNS record.
  • State File: A JSON file (terraform.tfstate) where Terraform stores a map of your real-world resources to your configuration. This is critical for Terraform to know what it manages.
  • Execution Plan: When you run terraform plan, Terraform compares your desired state (code) with the current state (state file) and presents a plan of what it will create, update, or destroy.

The Terraform Workflow

The 3-Step Process

Write → Plan → Apply

  1. Write: You define your infrastructure in .tf files using HCL.
  2. Plan: Run terraform plan to see what changes Terraform will make. This is a crucial review step.
  3. Apply: Run terraform apply to execute the plan and provision the infrastructure.

Example: Creating an AWS S3 Bucket

Here’s a simple example of what Terraform code looks like. This configuration defines an AWS S3 bucket.


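```hcl
# Pin the AWS provider so every run resolves a compatible 5.x release.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Region in which the resources below are created.
provider "aws" {
  region = "us-west-2"
}

# S3 bucket names are globally unique, so choose a name no one else is using.
resource "aws_s3_bucket" "app_bucket" {
  bucket = "my-unique-rkssh-app-bucket"

  tags = {
    Name        = "My App Bucket"
    Environment = "Dev"
  }
}
```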

Terraform Best Practices

| Practice | Why It's Important |
|---|---|
| Use Remote State | Store your state file remotely (e.g., in an S3 bucket) with locking to prevent conflicts when working in a team. |
| Use Modules | Package reusable pieces of infrastructure into modules to keep your code DRY (Don't Repeat Yourself) and maintainable. |
| Version Control Everything | Store all your .tf files in a Git repository to track changes and enable collaboration via pull requests. |
| Separate Environments | Use different state files or workspaces to manage your dev, staging, and production environments independently. |
| Secure Your Secrets | Never hardcode secrets like API keys in your Terraform code. Use a secrets manager like HashiCorp Vault or the cloud provider's native service. |
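
The remote state, separate environments and secrets practices above, combined in one configuration. This is an added example, not part of the original guide; the state bucket, lock table, variable and secret names are placeholders assumed for illustration.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  # Remote state: shared by the team, encrypted at rest, locked during runs.
  backend "s3" {
    bucket         = "example-org-terraform-state" # placeholder; must already exist
    key            = "app/dev/terraform.tfstate"   # separate key per environment
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "example-terraform-locks"     # placeholder lock table
  }
}

provider "aws" {
  region = "us-west-2"
}

# Weak (left commented out): a literal default is committed to Git with the code.
# variable "db_password" {
#   default = "constructed-example-value"
# }

# Better: no default. Supply the value at run time, for example through the
# TF_VAR_db_password environment variable set from a CI secret store.
# sensitive = true redacts it from plan and apply output.
variable "db_password" {
  type      = string
  sensitive = true
}

# Alternative: read the value from the cloud provider's secrets manager.
data "aws_secretsmanager_secret_version" "db" {
  secret_id = "example/app/db-password" # placeholder secret name
}
```

Values passed through a sensitive variable or read by a data source are still written to terraform.tfstate in plaintext once a resource uses them, so treat the state bucket as a secret store and restrict who can read it.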
