Terraform Building Blocks and Best Practices

Published by michal on

A Comprehensive Guide

Understanding Terraform’s basic building blocks is crucial for effective infrastructure management. This guide covers essential components and best practices for structuring your Terraform code.

Core Building Blocks

Provider Configuration

Providers are your gateway to various cloud platforms. Here’s how to configure one:

provider "aws" {
  region = "us-west-2"
  profile = "production"
}

Variables

Variables make your configurations flexible and reusable:

variable "environment" {
  type        = string
  description = "Deployment environment"
  default     = "development"
}

There are multiple ways to pass variables to Terraform.

Command Line Flags

terraform apply -var="instance_type=t2.micro" -var="region=us-west-2"

Variable Files (.tfvars)

# dev.tfvars
instance_type = "t2.micro"
region = "us-west-2"

Apply with

terraform apply -var-file="dev.tfvars"

Environment Variables

export TF_VAR_instance_type="t2.micro"
export TF_VAR_region="us-west-2"

Default Variables in Code

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

Precedence (highest to lowest)

  1. Command line flags
  2. tfvars files
  3. Environment variables
  4. Default values

Sensitive values

  • Use environment variables
  • Store in secret management systems
  • Never commit to version control

Auto-loading files

  • terraform.tfvars
  • *.auto.tfvars
    These are automatically loaded without -var-file flag

Resources

Resources are the infrastructure components you want to create:

resource "aws_instance" "web_server" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  tags = {
    Name        = "web-${var.environment}"
    Environment = var.environment
  }
}

Data Sources

Data sources fetch information about existing infrastructure:

data "aws_vpc" "existing" {
  id = "vpc-123456"
}

Outputs

Outputs expose specific values from your infrastructure:

output "instance_ip" {
  value       = aws_instance.web_server.public_ip
  description = "Public IP of web server"
}

Local Values

Locals help reduce repetition in your configurations:

locals {
  common_tags = {
    Project     = "MyProject"
    Environment = var.environment
  }
}

Modules

Modules enable code reuse and organization:

module "vpc" {
  source = "./modules/vpc"

  name             = "main-vpc"
  cidr             = "10.0.0.0/16"
  private_subnets  = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets   = ["10.0.101.0/24", "10.0.102.0/24"]
}

Advanced Features

Conditional Expressions

Use conditions to make your infrastructure dynamic:

resource "aws_instance" "application" {
  count = var.environment == "production" ? 2 : 1

  instance_type = var.environment == "production" ? "t2.medium" : "t2.micro"
}

Dynamic Blocks

Create repeated nested blocks efficiently:

resource "aws_security_group" "example" {
  dynamic "ingress" {
    for_each = var.service_ports
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}

Backend Configuration

Manage your Terraform state:

terraform {
  required_version = ">= 1.0.0"

  backend "s3" {
    bucket         = "terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-locks"
  }
}

Terraform Cloud

Terraform Cloud is a managed service platform by HashiCorp that provides:

Core Features

  • Remote state management
  • Secure variable storage
  • Policy enforcement
  • Team collaboration
  • Run history and logging
  • Private registry for modules
  • VCS integration

Key Benefits

State Management

  • Centralized state storage
  • State locking
  • Version history
  • Backup and restore

Security

  • Encrypted variables
  • RBAC controls
  • Audit logging
  • Policy enforcement

Collaboration

  • Shared workspaces
  • Run approvals
  • Comments and notifications
  • Cost estimation

Automation

  • API-driven workflows
  • CI/CD integration
  • Automatic runs on changes
  • Custom triggers

When to Use

  • Teams working together on infrastructure
  • Need for governance and compliance
  • Complex deployment workflows
  • Enterprise-scale infrastructure
  • Remote operations requirements

Alternatives

  • Self-hosted Terraform Enterprise
  • S3 + DynamoDB for state management
  • Custom CI/CD pipelines

Would you like more details about any specific aspect of Terraform Cloud?

Best Practices

State Management

  • Use remote state storage (S3 or Terraform Cloud)
  • Enable state locking
  • Maintain separate states per environment

Code Organization

├── environments/
│   ├── dev/
│   ├── staging/
│   └── prod/
├── modules/
└── terraform/

Security Best Practices

  • Never commit credentials
  • Implement least privilege access
  • Use provider authentication best practices

Version Control

  • Lock provider versions
  • Version your modules
  • Document dependencies

Naming and Tagging

  • Use consistent naming conventions
  • Implement comprehensive tagging
  • Add environment prefixes

Conclusion

Understanding these building blocks and following best practices will help you create maintainable and scalable infrastructure code. Remember to review HashiCorp’s documentation for updates and new features regularly.

Categories: CloudDevOpsIaC
Tags:

Related Posts

Cloud DevOps IaC

Understanding Terraform

Terraform introduced a fundamental shift in how infrastructure is built and operated — treating cloud environments as versioned, reproducible code instead of manual configuration. This post explains Terraform from first principles, breaking down core concepts like infrastructure as code, state management, providers, and execution workflows to help engineers understand not just how Terraform works, but why it became a cornerstone of modern cloud engineering.

DevOps Fundamentals

Intro to Git

Git is a free and open-source distributed version control system designed to handle everything from small to extensive projects with speed and efficiency.