weekly.tf - #20

It seem the flurry of releases around Terraform 0.13 and the AWS provider 3.0 have settled down. This week I have a collection of links related to how to organize and manage Terraform code when working as a team. I hope you enjoy.

We've all been there- a bunch of cloud infrastructure has been deployed without any sort of automation. That infrastructure is now mission-critical and also hard to mutate. The transition from unmanaged to managed is difficult but doable.

The team from Koan is going through such a transition, using a combination of Terraform and Ansible and taking a pragmatic approach (starting with dev environments).

The organization of software code is important. As code bases and teams grow it becomes even more important. Thoughtfully refactoring and reorganizing can pay huge dividends.

The same applies to Terraform code, but wait there's a catch. The catch is that is significantly harder to refactor Terraform code. Refactoring within a given workspace is annoying because nearly anything worth doing would involve doing state manipulations. Refactoring across workspaces, and therefore state files, is so painful that its rate of occurrence rounds to 0.

So, here's the thing– it is especially important to get your Terraform code organization set up well from the beginning. At my day job I build a whole tool to do just this. Unfortunately, in the beginning, you have little information about how things will play out. Better refactoring tools are sorely missing.

Anyway, this guide is a nice practical set of advice about how to organize your code when working with Terraform.

Ok, it seems this issue's them is going to be repo organization.

I was a bit confused by this approach. I would expect "main" to be the entry point for a software stack, but in this case it is not.

A high-level broad guide to how to organize and work on infrastructure-as-code-code.

A pretty small release with no new resources, just bug fixes and incremental improvements to existing resources and data sources.

Terrascan is a policy-as-code tool for working with Terraform that uses the Rego language. The project has just reached 1.0.0, so it might be a good time to check it out of you have not previously.

If you have anything you think should be included in this newsletter, please feel free to email or twitter dm me.