An Introduction to Terraform Cloud

I’ve been given a crash course in Terraform lately, and the first thing I did was to get a Terraform Cloud account to help manage all of the variables and workspaces. The general workflow of Terraform remains the same:

terraform init
terraform plan
terraform apply

However, we can optionally connect Terraform Cloud to our Git repository and trigger runs based on commits to specific branches. So, the workflow I used was as follows:

Create an organization and workspace connected to my Git repository

Switch the workspace to Local

Configure main.tf as follows:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.86.0"
    }
  }
  cloud {
    organization = "my-organization"
    token = "my-api-key"
    workspaces {
      name = "my-workspaces"
      #tags = ["my-app"]
    }
  }
}

Create a Terraform API token with the required permissions. Note that we have to put the API key in this file 😦 I’d really rather not do that.

Initialize Terraform

Develop your Terraform plan and verify that it is working as usual. I’d suggest that you do NOT commit your code with the token value above (remove it before committing and provide the API key to each developer). There isn’t a way to pass this value in the environment or on the command line, so be careful! Code reviews are a good thing.

Switch your Terraform Cloud workspace from Local to Remote

Commit your code

Trigger run on Terraform Cloud, either automatically upon push, or manually
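The step above says to remove the token value before committing; a check like the following can enforce that from a pre-commit hook or a CI job. It is an added example, not code from the original post or from HashiCorp: the function names, the script layout and the SAMPLE text are assumptions, and it expects one attribute per line (as terraform fmt writes it) with no /* */ comments.

```python
import re
import sys
from pathlib import Path

# Blocks that carry Terraform Cloud settings: `cloud` (as in the main.tf on
# this page) and the older `backend "remote"`.
BLOCK_START = re.compile(r'^\s*(cloud|backend\s+"remote")\s*\{')
TOKEN_LINE = re.compile(r'^\s*token\s*=\s*"([^"]*)"')

# Constructed sample mirroring the main.tf above; the value is a placeholder.
SAMPLE = '''terraform {
  cloud {
    organization = "my-organization"
    token = "my-api-key"
    workspaces {
      name = "my-workspaces"
    }
  }
}
'''

def _code_part(raw):
    """Blank out string literals and drop a trailing comment before counting braces."""
    no_strings = re.sub(r'"(\\.|[^"\\])*"', '""', raw)
    return re.split(r'#|//', no_strings, maxsplit=1)[0]

def find_hardcoded_tokens(hcl_text):
    """Line numbers of non-empty token literals set directly in such a block."""
    findings, in_block, depth = [], False, 0
    for lineno, raw in enumerate(hcl_text.splitlines(), start=1):
        if not in_block:
            if not BLOCK_START.match(raw):
                continue
            in_block, depth = True, 0
        elif depth == 1:
            m = TOKEN_LINE.match(raw)
            if m and m.group(1):
                findings.append(lineno)
        code = _code_part(raw)
        depth += code.count("{") - code.count("}")
        in_block = depth > 0
    return findings

if __name__ == "__main__":
    # Pre-commit use: pass the .tf files to check; no arguments scans SAMPLE.
    texts = {p: Path(p).read_text(encoding="utf-8") for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    hits = [(p, n) for p, t in texts.items() for n in find_hardcoded_tokens(t)]
    for p, n in hits:
        print(f"{p}:{n}: hard-coded Terraform Cloud token in cloud/backend block")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds a token literal, so a hook or pipeline step that runs it will block the commit or the build.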

You no longer have to manually trigger runs locally; you can simply push your code and trigger the run in the Cloud console. I’m no stranger to a CLI, and Terraform has a pretty nice one. But I prefer the web interface. Additionally, we get teams, users and permissions. We can, for example, assign a different team to the production environment than the development environment.

Think of this as the CD for your DevOps for Infrastructure. Using Azure DevOps (or similar), you will be able to enforce code reviews before committing to branches used by Terraform Cloud. Terraform will automatically execute once the code is committed, saving you the management of a DevOps pipeline to run your code.

There are a lot of advanced features here that I haven’t looked at yet. For example, you can apply organization-wide policies that are checked when any developer in the organization checks in. Terraform will fail if these policies are breached. My initial thoughts are that this will simplify the workflow and management of an infrastructure DevOps process.
