Automate Infrastructure as Code with Terraform Cloud & GitHub
Automate Infrastructure Deployment with Terraform Cloud and GitHub
Infrastructure as Code (IaC) is the management of infrastructure such as virtual machines, virtual networks, load balancers, etc. in a declarative model, with versioning provided by a version control system (Git). IaC is a key DevOps practice and is used in conjunction with continuous delivery.
Problems Solved by IaC
- Resolve environment drift — Inconsistency among environments leads to issues during deployments. To avoid such drift IaC helps to produce the same configured environment each time based on the code.
- Idempotence — Idempotence is the property that a deployment command always sets the target environment into the same configuration, regardless of the environment’s starting state.
Terraform Cloud
Terraform Cloud is a managed service offered by HashiCorp. Terraform Cloud manages Terraform runs in a consistent and reliable environment and manages the shared Terraform state. Additionally, Terraform Cloud manages secret data and connects to version control systems so that organization teams can work together on IaC.
Prerequisites
- Terraform Cloud Account (Free Sign Up)
- GitHub Account
- Code Editor of your preference — VS Code, WebStorm, etc.
Step 1. Create GitHub repo for Terraform code
First, create a GitHub repo to push Terraform code files. You can sign up for GitHub from this link.
Step 2. Create Terraform Cloud Account
You can sign up for Terraform Cloud from here. I already have an account created, as shown below.
After signing up, you first need to create an organization. We use this organization to create multiple workspaces as per our requirements. You can read more about Terraform Cloud and Terraform Workspaces in the documentation below.
Step 3. Create New Workspace
Now let's create a new workspace for this demo, then configure GitHub as our Version Control System (VCS).
In Terraform Cloud, click New Workspace as shown below.
In the Create a new Workspace section, select Version control workflow as highlighted below.
The next step is to select a VCS provider. For this demo, we are using GitHub as our VCS. To select another supported VCS, use the Connect to a different VCS link.
Next, select the repository to connect to the Terraform Cloud workflow. If this is the first workspace you are connecting, you need to authenticate with GitHub.
In the last step, we need to give a workspace name and description. After providing those details click Create Workspace.
After the workspace is created, you are taken to an overview of the workspace, as shown below.
Step 4. Create Azure service principal name (Azure AD Application)
The next step is to create an Azure SPN to allow Terraform Cloud to authenticate with Azure Subscription(s). You can learn more about SPN from here.
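You can also create an SPN with the following Azure CLI command.
```bash
# Current Azure CLI versions require --scopes whenever --role is given.
# Replace the placeholder with your subscription ID, or narrow the scope to a resource group.
az ad sp create-for-rbac --name ServicePrincipalName --role Contributor --scopes /subscriptions/<subscription-id>
```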
Step 5. Add environment variables to Terraform Cloud variables
Next, we add the environment variables needed for authentication. To authenticate with Azure, Terraform Cloud needs the following environment variables.
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_SUBSCRIPTION_ID
- ARM_TENANT_ID
The following Terraform documentation explains the different methods of authentication.
I already added the required environment variables to the variables section of the Terraform Cloud workspace, as shown below.
Apart from environment variables, we can also add Terraform variables to this section. Those Terraform variables may be needed in the Terraform configuration files.
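The same four variables can be managed as code instead of through the UI. This is an added example, not part of the original walkthrough; it uses the hashicorp/tfe provider, and the organization name, workspace name and input variable names are assumptions.

```hcl
# Added example. The tfe provider authenticates with a Terraform Cloud API
# token, read here from the TFE_TOKEN environment variable.
variable "arm_ids" {
  type = map(string) # non-secret identifiers, keyed by environment variable name
  validation {
    condition = length(setsubtract(
      ["ARM_CLIENT_ID", "ARM_SUBSCRIPTION_ID", "ARM_TENANT_ID"],
      keys(var.arm_ids)
    )) == 0
    error_message = "Set ARM_CLIENT_ID, ARM_SUBSCRIPTION_ID and ARM_TENANT_ID."
  }
}

variable "arm_client_secret" {
  type      = string
  sensitive = true # redacted in plan and apply output
}

data "tfe_workspace" "demo" {
  name         = "example-workspace" # placeholder
  organization = "example-org"       # placeholder
}

resource "tfe_variable" "arm_id" {
  for_each     = var.arm_ids
  key          = each.key
  value        = each.value
  category     = "env" # environment variable, not a Terraform variable
  workspace_id = data.tfe_workspace.demo.id
}

resource "tfe_variable" "arm_client_secret" {
  key          = "ARM_CLIENT_SECRET"
  value        = var.arm_client_secret
  category     = "env"
  sensitive    = true # value cannot be read back from the UI or API once set
  workspace_id = data.tfe_workspace.demo.id
}
```

The secret is still written to the state of the configuration that manages these variables, so that state needs the same protection as the secret itself.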
Step 6. Run Terraform plan
Now we added the environment variables, so we can start a plan for our workspace and see the output of the Terraform plan.
When you start the plan Terraform executes a planning task and provides you the planned output as below. In this output, you can expand each individual resource.
After checking the plan output, if the resources to be provisioned are what we expected, we can confirm and apply the provisioning of resources to Azure.
6. Trigger on GitHub commit
Let's take the Terraform plan and apply workflow to the next phase and look at how to trigger the Terraform workflow based on a commit to a specific branch.
Previously we connected our GitHub repo to the Terraform Cloud workspace, so with the default settings any commit to the main branch of the repo triggers the Terraform workflow. Let's take a look at those configurations in the Terraform Cloud UI.
Click on the workspace settings and select Version Control.
In the workspace settings, under VCS branch, you can change the branch of the repo that triggers a Terraform plan. This can be used to map different branches to specific environments. The default branch is set to main or master.
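The branch-per-environment setup mentioned above can also be declared with the hashicorp/tfe provider. This is an added example, not part of the original walkthrough; it goes beyond the single workspace shown here, and the repository identifier, branch names, workspace names and input variables are assumptions.

```hcl
# Added example: one workspace per environment, each tracking its own branch.
variable "tfc_organization" {
  type = string
}

variable "github_oauth_token_id" {
  type = string # ID of the OAuth token behind the GitHub VCS connection
}

locals {
  # Constructed mapping of environment name to branch and approval mode.
  environments = {
    dev  = { branch = "develop", auto_apply = true }
    prod = { branch = "main", auto_apply = false }
  }
}

resource "tfe_workspace" "env" {
  for_each     = local.environments
  name         = "azure-network-${each.key}"
  organization = var.tfc_organization

  # With auto_apply = false every run stops after the plan and waits for a
  # person to confirm it, which is the approval step this walkthrough relies on.
  auto_apply = each.value.auto_apply

  vcs_repo {
    identifier     = "example-user/example-repo" # placeholder <owner>/<repo>
    branch         = each.value.branch           # commits here trigger runs
    oauth_token_id = var.github_oauth_token_id
  }
}
```

Because a push to the tracked branch starts a run automatically, branch protection on that branch in GitHub decides who can change the environment.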
Now I’ll add the following Terraform code to the existing configuration file and push those changes to the repo. The following config will add a subnet to the existing virtual network we created previously:
```hcl
# Adds a subnet to the virtual network created earlier
resource "azurerm_subnet" "vm-subnet" {
  name                 = "default"
  resource_group_name  = azurerm_resource_group.resource-group.name
  virtual_network_name = azurerm_virtual_network.virtual-network.name
  # azurerm_subnet has no location argument; the subnet lives in the virtual network's region.
  # address_prefixes (a list) replaces address_prefix, which azurerm 3.x removed.
  address_prefixes     = ["10.10.1.0/24"]
}
```
Under the Runs of the workspace, you can see the triggered workflow with the git commit details. After inspecting the changes you can approve the deployment.
Now the Terraform workflow is completed with the GitHub trigger and we can see the changes are applied successfully.
Step 7. Trigger Terraform delete
NOTE — DON’T DO THIS IN PRODUCTION
Next, we will see how to perform Terraform destroy to delete all provisioned resources.
Under the workspace settings, select Destruction and Deletion.
Click Queue destroy plan to perform a destroy.
To confirm the destroy, you need to enter the workspace name.
This triggers a destroy plan workflow and asks for approval.
After the destroy plan is confirmed, Terraform destroys the infrastructure in Azure.
Conclusion
Terraform Cloud provides you with a better and more secure workflow for managing cloud infrastructure deployment. Terraform Cloud securely keeps the state of the existing infrastructure. Integration with VCS allows us to build a more secure and robust CI/CD workflow for infrastructure provisioning.