
Terraform

terraform iac devops cloud-infrastructure
Plain English

Terraform lets you build cloud infrastructure by writing it in text files instead of clicking through web consoles. You describe what you want (“a server in Virginia with 4 CPUs and a database attached”) and Terraform creates it. Change the file and Terraform updates the infrastructure to match. Delete the file and Terraform tears it all down. Everything is version-controlled, reviewable, and repeatable.

Technical Definition

Terraform (HashiCorp, now IBM) is a declarative infrastructure-as-code (IaC) tool that provisions and manages cloud infrastructure across multiple providers using a consistent workflow.

Core concepts:

  • HCL (HashiCorp Configuration Language): declarative language for defining resources
  • Provider: plugin that interfaces with a specific platform (AWS, Azure, GCP, Cloudflare, Kubernetes, 3000+ providers)
  • Resource: a single infrastructure object (EC2 instance, S3 bucket, DNS record)
  • State: Terraform tracks the current state of managed infrastructure in a state file (terraform.tfstate). Critical for determining what needs to change.
  • Plan: preview of changes Terraform will make (additions, modifications, deletions)
  • Apply: execute the planned changes against the provider APIs

Workflow:

  1. terraform init: download providers and initialize the working directory
  2. terraform plan: show what will change (safe, read-only)
  3. terraform apply: create/update/delete resources to match configuration
  4. terraform destroy: tear down all managed resources

Key features:

  • Dependency graph: automatically determines resource creation order
  • Modules: reusable, shareable infrastructure components
  • Remote state: store state in S3, Azure Blob, Terraform Cloud for team collaboration
  • Import: bring existing infrastructure under Terraform management

Terraform vs. Ansible: Terraform provisions infrastructure (create VMs, networks, databases). Ansible configures infrastructure (install software, copy configs, start services). They are complementary, not competing.

Terraform AWS infrastructure

# provider.tf
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
  backend "s3" {
    bucket  = "bytesnation-tfstate"
    key     = "prod/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true  # state holds resource IDs and can hold secrets; encrypt it at rest
  }
}

provider "aws" { region = "us-east-1" }

# network.tf
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
  tags       = { Name = "bytesnation-vpc" }
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
  tags       = { Name = "public-subnet" }
}

# server.tf
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.small"
  subnet_id     = aws_subnet.public.id
  tags          = { Name = "bytesnation-web" }
}

$ terraform plan
Plan: 3 to add, 0 to change, 0 to destroy.
$ terraform apply -auto-approve
aws_vpc.main: Creating...
aws_vpc.main: Created (id: vpc-abc123)
aws_subnet.public: Created (id: subnet-def456)
aws_instance.web: Created (id: i-ghi789)
Apply complete! Resources: 3 added.

In the Wild

Terraform is the industry standard for cloud infrastructure management. Teams use it to provision entire environments (VPCs, subnets, security groups, databases, load balancers, DNS records) from code that is version-controlled in Git and reviewed through pull requests. This eliminates “snowflake” environments where no one remembers how production was configured. In CI/CD pipelines, Terraform plans run automatically on pull requests, and applies happen on merge to main. The most critical Terraform practice is protecting state: the state file contains sensitive data (resource IDs, sometimes passwords) and must be stored encrypted in a remote backend, never committed to Git. OpenTofu is an open-source fork of Terraform created after HashiCorp changed its license in 2023.
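As an added example (not from the original page and not part of Terraform itself), the pull-request plan step described above can be gated by a short Python script: it reads the JSON that `terraform show -json` emits for a saved plan, rebuilds the "Plan: N to add" summary a reviewer sees, and refuses to approve an apply that would destroy resources nobody signed off on. The plan JSON embedded below is constructed and trimmed to the fields the gate reads.

```python
import json
from collections import Counter

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this gate reads. The first three resources mirror the page's example;
# the last two add a deletion and a replace (delete+create) to exercise the check.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_vpc.main", "change": {"actions": ["create"]}},
        {"address": "aws_subnet.public", "change": {"actions": ["create"]}},
        {"address": "aws_instance.web", "change": {"actions": ["create"]}},
        {"address": "aws_db_instance.legacy", "change": {"actions": ["delete"]}},
        {"address": "aws_instance.api", "change": {"actions": ["delete", "create"]}},
    ],
})


def summarize_plan(plan_json: str) -> dict:
    """Count adds/changes/destroys the way `terraform plan` reports them and
    collect the address of every resource that would be destroyed.
    A replace (["delete", "create"]) counts as one add and one destroy."""
    counts = Counter()
    destructive = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if "delete" in actions:
            counts["destroy"] += 1
            destructive.append(rc["address"])
        if "create" in actions:
            counts["add"] += 1
        if "update" in actions:
            counts["change"] += 1
    return {"add": counts["add"], "change": counts["change"],
            "destroy": counts["destroy"], "destructive": destructive}


def format_summary(summary: dict) -> str:
    """Reproduce the one-line summary posted on the pull request."""
    return (f"Plan: {summary['add']} to add, {summary['change']} to change, "
            f"{summary['destroy']} to destroy.")


def plan_is_safe(summary: dict, allowed=frozenset()) -> bool:
    """Approve the apply only if every destroyed address was explicitly
    allow-listed (e.g. by a resource owner on the PR); no destroys passes."""
    return all(addr in allowed for addr in summary["destructive"])


if __name__ == "__main__":
    s = summarize_plan(SAMPLE_PLAN)
    print(format_summary(s))
    print("destructive:", s["destructive"], "safe to apply:", plan_is_safe(s))
```

In CI the plan would be produced with `terraform plan -out=tfplan` and converted with `terraform show -json tfplan` before being fed to `summarize_plan`.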