Terraform Building Blocks and Best Practices

A Comprehensive Guide

Understanding Terraform’s basic building blocks is crucial for effective infrastructure management. This guide covers essential components and best practices for structuring your Terraform code.

Core Building Blocks

Provider Configuration

Providers are your gateway to various cloud platforms. Here’s how to configure one:

provider "aws" {
  region = "us-west-2"
  profile = "production"
}

Variables

Variables make your configurations flexible and reusable:

variable "environment" {
  type        = string
  description = "Deployment environment"
  default     = "development"
}

There are multiple ways to pass variables to Terraform.

Command Line Flags

terraform apply -var="instance_type=t2.micro" -var="region=us-west-2"

Variable Files (.tfvars)

# dev.tfvars
instance_type = "t2.micro"
region = "us-west-2"

Apply with

terraform apply -var-file="dev.tfvars"

Environment Variables

export TF_VAR_instance_type="t2.micro"
export TF_VAR_region="us-west-2"

Default Variables in Code

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

Precedence (highest to lowest)

1. Command line flags
2. tfvars files
3. Environment variables
4. Default values

Sensitive values

• Use environment variables
• Store in secret management systems
• Never commit to version control

Auto-loading files

• terraform.tfvars
• *.auto.tfvars
  These are automatically loaded without -var-file flag

Resources

Resources are the infrastructure components you want to create:

resource "aws_instance" "web_server" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name        = "web-${var.environment}"
    Environment = var.environment
  }
}

Data Sources

Data sources fetch information about existing infrastructure:

data "aws_vpc" "existing" {
  id = "vpc-123456"
}

Outputs

Outputs expose specific values from your infrastructure:

output "instance_ip" {
  value       = aws_instance.web_server.public_ip
  description = "Public IP of web server"
}

Local Values

Locals help reduce repetition in your configurations:

locals {
  common_tags = {
    Project     = "MyProject"
    Environment = var.environment
  }
}

Modules

Modules enable code reuse and organization:

module "vpc" {
  source = "./modules/vpc"

  name             = "main-vpc"
  cidr             = "10.0.0.0/16"
  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24"]
}

Advanced Features

Conditional Expressions

Use conditions to make your infrastructure dynamic:

resource "aws_instance" "application" {
  count = var.environment == "production" ? 2 : 1

  instance_type = var.environment == "production" ? "t2.medium" : "t2.micro"
}

Dynamic Blocks

Create repeated nested blocks efficiently:

resource "aws_security_group" "example" {
  dynamic "ingress" {
    for_each = var.service_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

Backend Configuration

Manage your Terraform state:

terraform {
  required_version = ">= 1.0.0"

  backend "s3" {
    bucket         = "terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

Terraform Cloud

Terraform Cloud is a managed service platform by HashiCorp that provides:

Core Features

• Remote state management
• Secure variable storage
• Policy enforcement
• Team collaboration
• Run history and logging
• Private registry for modules
• VCS integration

Key Benefits

State Management

• Centralized state storage
• State locking
• Version history
• Backup and restore

Security

• Encrypted variables
• RBAC controls
• Audit logging
• Policy enforcement

Collaboration

• Shared workspaces
• Run approvals
• Comments and notifications
• Cost estimation

Automation

• API-driven workflows
• CI/CD integration
• Automatic runs on changes
• Custom triggers

When to Use

• Teams working together on infrastructure
• Need for governance and compliance
• Complex deployment workflows
• Enterprise-scale infrastructure
• Remote operations requirements

Alternatives

• Self-hosted Terraform Enterprise
• S3 + DynamoDB for state management
• Custom CI/CD pipelines

Would you like more details about any specific aspect of Terraform Cloud?

Best Practices

State Management

• Use remote state storage (S3 or Terraform Cloud)
• Enable state locking
• Maintain separate states per environment

Code Organization

├── environments/
│   ├── dev/
│   ├── staging/
│   └── prod/
├── modules/
└── terraform/

Security Best Practices

• Never commit credentials
• Implement least privilege access
• Use provider authentication best practices

Version Control

• Lock provider versions
• Version your modules
• Document dependencies

Naming and Tagging

• Use consistent naming conventions
• Implement comprehensive tagging
• Add environment prefixes

Conclusion

Understanding these building blocks and following best practices will help you create maintainable and scalable infrastructure code. Remember to review HashiCorp’s documentation for updates and new features regularly.

---