Enterprise-Grade Terraform

Release Date: 19/03/2021

Author: John Jarvis

Introduction

The open-source offering of Terraform, Terraform OSS, is a very popular Infrastructure-as-Code (IaC) tool; chances are, you are a fan of it. However, for those who are still on the fence, I’ll highlight two points.

If you need infrastructure to do your job, that can be a blocker: tickets to raise, a networking team to liaise with, maybe a security team as well; that’s time, and switching context again and again. It isn’t writing code, or thinking up new ways to improve your customers’ experience. Enter Terraform, where you can use proven code to build what you need now, and, with the latest release of the Terraform Cloud Development Kit, there’s even less context switching: keep writing Python, Java or C#, only now you’re building the kit your other code will run on. Magic!

My second point is for those who are happy with their provider of choice. First, every business is only one acquisition away from being multi-cloud; don’t you want to tackle that hurdle now, and have one less thing to worry about? And of those who are planning to deal with vendor lock-in down the road, some will say that their native IaC experience is superior; this simply hasn’t proven true in the longer term: in the past, Terraform has actually supported new AWS features ahead of CloudFormation, for example.

The Limits of OSS

We’ve raised this issue before: the hidden costs of running OSS. I won’t dwell on that now, because there are plenty of features to highlight in Terraform Cloud, and the self-hosted Terraform Enterprise, which I like to bundle together as enterprise-grade Terraform.

What do we mean by enterprise-grade?

Simply put, enterprise-grade Terraform is IaC at scale. You’ve been that maverick at the keyboard, building kit to the wonderment of your colleagues, and now they, and other people in other divisions who you haven’t even met, are using Terraform. But have your practices scaled with that adoption? Where are your state files? How much code are you reusing, as an organisation? How many builds are going on, across your organisation, right now? And is all that kit to an agreed standard, and being used efficiently?

Terraform Cloud (and Terraform Enterprise) can answer all these questions, and more. This is where enterprise-grade Terraform shines.

Key Features

State Management

Proper state file management is time-consuming. And the risks associated with an errant local state file, or a secret key exposed in a public repository, are very serious. With Terraform Cloud, you can encrypt sensitive variables and remotely manage state, confident in its confidentiality, integrity and availability, regardless of how it’s split across the various lines of business in your organisation.

You can also create predictable workflows for collaborating on deploying this infrastructure; Terraform Cloud workspaces can trigger runs of other workspaces, which in turn make use of the previous one’s exposed outputs. And all of these changes are tracked, including, importantly, the approval chains for all those plans.

HashiCorp now has a large library of case studies to help you get a better idea of what’s possible with enterprise-grade Terraform. For example, Eventbrite had great success using the Terraform Landing Zone (TLZ) and Terraform Enterprise to simplify their AWS multi-account strategy.

Policy Management

As hinted at earlier, your Terraform adoption can quickly outpace your ability to manage it effectively. Sentinel, HashiCorp’s Policy as Code tool, allows Enterprise customers to both dictate and delegate policy decisions, as they see fit, across their whole organisation.

Teams in Terraform Cloud can have some flexibility around how they manage their workspaces, while, broadly speaking, the organisation can restrict builds to certain availability zones, for example, or limit access to certain services to specific dates and times. It helps avoid costly mistakes, both in the traditional sense and reputationally.

This all scales well, so that, whether it’s policy changes or workspace changes, pre-emptive runs highlight what will be affected ahead of time, allowing you to coordinate with other teams, or change tack, as required.

Observability

And while we’re on the subject of bird’s eye views, Terraform Cloud’s audit trails API, for Business Tier customers, can feed your observability platform of choice, detailing policies checked, runs completed, those awaiting approvals, and many other workspace actions. With the Terraform Cloud for Splunk App, you get all this on a pane of glass, and can run custom searches against the data, as you could against any other data input in Splunk.

Terraform Cloud is trusted by more than 60000 users, and is free for up to five from an organisation; register for a fully-featured trial today!

John Jarvis is a certified Terraform (and Vault) Professional (a.k.a. CHIP) with Somerford Associates.


All views expressed on this blog are the author’s own and do not represent the opinions of any entity whatsoever with which the author has been, is now or will be affiliated, inc. this organisation whose website the blog is hosted on, or any partner of this organisation.
