Learn how to use Terraform for multi-cloud management
Terraform provides a highly configurable platform to manage infrastructure in a cloud-agnostic way. However, enterprises need to prepare for some challenges.
A multi-cloud strategy can introduce a lot of complexity for enterprise IT teams. While there are several open source endpoint management tools that can help, such as Puppet, Chef and Ansible, the ability to deploy services to multiple providers from a single point of entry, rather than through the typical server-client relationship, is especially valuable.
HashiCorp's Terraform is an open source infrastructure as code (IaC) tool that can establish a single workflow for admins to make predictable and reproducible changes to infrastructure across any cloud provider. It simplifies the deployment of services across multiple providers, as well as the management of VMs and dependencies. Since Terraform is an IaC tool, it also enables teams to share, reuse, deploy and roll back infrastructure changes, just as they would with versions of code.
Get started
Let's take a look at a basic Terraform configuration file that provisions both an AWS EC2 instance and a Google App Engine application.
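# Placeholder keys. Keep real keys out of version-controlled files; the AWS
# provider also reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment.
provider "aws" {
  access_key = "ACCESS_KEY_HERE"
  secret_key = "SECRET_KEY_HERE"
  region     = "us-east-1"
}

# account.json is a service account key file; keep it out of version control too.
provider "google" {
  credentials = "${file("account.json")}"
  project     = "my-project-id"
  region      = "us-central1"
}

# AWS EC2 instance
resource "aws_instance" "example" {
  ami           = "ami-123456789"
  instance_type = "t2.micro"
}

# GCP project that hosts the App Engine application
resource "google_project" "my_project" {
  name       = "My Project"
  project_id = "your-project-id"
  org_id     = "1234567"
}

# App Engine application, tied to the project above through its project_id
resource "google_app_engine_application" "app" {
  project     = "${google_project.my_project.project_id}"
  location_id = "us-central"
}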
The above configuration defines two providers and three resources. In Terraform, a provider is a service that interacts with a given API -- in this example, AWS and Google Cloud Platform (GCP). While the most intuitive use for the provider directive is to configure one or more cloud platforms, a number of other resources are available as well, such as database drivers, networking platforms and version control systems.
After you define a provider, you can declare resources for that provider. In the example above, there are three defined resources: an AWS EC2 instance, a GCP project and a Google App Engine application. Resources are any tools or services, such as storage, databases or compute, offered by a given cloud. However, a resource could also define a local file or even random data generators.
Adapt to change
In addition to its ability to provision application infrastructure with well-defined configuration files, Terraform can adapt to changing requirements. This unique feature enables admins to apply changes to the configuration file without doubling up on work or infrastructure. For example, let's say that our above configuration file changes to the following:
provider "aws" {
  access_key = "ACCESS_KEY_HERE"
  secret_key = "SECRET_KEY_HERE"
  region     = "us-east-1"
}

resource "aws_instance" "example" {
  ami           = "ami-123456789"
  instance_type = "t2.micro"
}
As you add and remove resources, Terraform identifies these changes and updates your infrastructure accordingly. Because Terraform keeps the previous state of any applied configuration files, it knows to remove the previously provisioned GCP resources without also attempting to reprovision the AWS resources. This is especially helpful in a version-controlled environment where changes can happen at any time.
Challenges
One of Terraform's biggest benefits also poses its biggest risk -- because it's fairly easy to use, users who don't take care can incur significant costs. With a single command, a user can apply any configuration file to the configured providers, which can result in dozens of resources being deployed to any number of cloud providers. While Terraform helps guard against this with a plan readout and confirmation, accidents can happen. Take every precaution when you work with Terraform to avoid any unintended costs.
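One way to enforce that precaution before an apply, as an added example that is not part of the original article: a Python gate over the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`). The function names, the limits and the sample plan are assumptions constructed for illustration; the sample mirrors the change above, where the two GCP resources are removed and the EC2 instance is left alone.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output for
# the change described above: both GCP resources go, the EC2 instance stays.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.0",
    "resource_changes": [
        {"address": "aws_instance.example", "type": "aws_instance",
         "change": {"actions": ["no-op"]}},
        {"address": "google_project.my_project", "type": "google_project",
         "change": {"actions": ["delete"]}},
        {"address": "google_app_engine_application.app",
         "type": "google_app_engine_application",
         "change": {"actions": ["delete"]}},
    ],
})


def summarize_plan(plan_json):
    """Group resource addresses by planned action (create/update/delete)."""
    summary = {"create": [], "update": [], "delete": []}
    for rc in json.loads(plan_json).get("resource_changes", []):
        for action in rc["change"]["actions"]:
            # A replacement is reported as both "delete" and "create".
            if action in summary:
                summary[action].append(rc["address"])
    return summary


def check_plan(plan_json, max_create=5, max_delete=0):
    """Return a list of policy violations; an empty list means safe to apply.

    The limits are hypothetical defaults chosen for this example.
    """
    summary = summarize_plan(plan_json)
    problems = []
    if len(summary["create"]) > max_create:
        problems.append("creates %d resources (limit %d)"
                        % (len(summary["create"]), max_create))
    if len(summary["delete"]) > max_delete:
        problems.append("destroys %s (limit %d)"
                        % (", ".join(summary["delete"]), max_delete))
    return problems


if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print("BLOCKED:", problem)
```

Run in a pipeline between the plan and apply steps, a non-empty result is the signal to stop and have a person review the plan readout.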
Additionally, Terraform can adapt to changes to any configured environment because it stores the state of the provisioned infrastructure. While this provides a fast mechanism to create, modify and delete infrastructure, the tool doesn't inspect cloud resources on every run, which means you can't make infrastructure changes from multiple machines without more overhead to share the state.