New York City HUG meetup 3rd of December 2018 - https://www.meetup.com/New-York-HashiCorp-User-Group/events/256411425

1. Terraform modules and (some of)
best-practices
Anton Babenko
@antonbabenko
December 2018

2. Anton Babenko
Terraform AWS fanatic since 2015.
HUG, AWS, DevOps Norway, DevOpsDays Oslo…
I 💚 open-source:
terraform-community-modules + terraform-aws-modules
antonbabenko/pre-commit-terraform — auto-formatting code and documentation
antonbabenko/modules.tf-lambda — Terraform configurations from visual diagrams
www.terraform-best-practices.com
medium.com/@anton.babenko
@antonbabenko - Twitter, and many Slacks

3. Collection of open-source Terraform AWS modules supported by the community.
More than 2 millions downloads.
(VPC, Autoscaling, RDS, Security Groups, ELB, ALB, Redshift, SNS, SQS, IAM, EKS, ECS…)
github.com/terraform-aws-modules
registry.terraform.io/modules/terraform-aws-modules

4. Write, plan and manage infrastructure as code
www.terraform.io

5. Google Cloud
Deployment Manager
Azure Resource
Manager

7. Plus100+moreproviders

8. Terraform — is a universal tool to manage
anything that has an API
GSuite
Dropbox files and access
New Relic metrics
Datadog users and metrics
Bugs in Jira
All Terraform providers

9. VPC, please!

14. Problems
Code size is growing
Complicated dependencies

15. Solution — Terraform modules

16. Terraform modules are self-contained
packages of Terraform configurations that are
managed as a group.

17. Resource modules
Only create resources in a very flexible way
Open-source

18. Resource modules

20. Infrastructure modules
Consist of resource modules
Company standards and tags
Pre-processors, jsonnet, cookiecutter

21. Infrastructure modules

23. Types of Terraform modules
Resource modules (terraform-aws-modules, for example)
Infrastructure modules

24. - [ ] How to write modules
- [ ] How to use modules

25. Tip №0
Check Terraform Registry before writing new resource module.

26. Hide specifics

29. Size

30. Size
https://github.com/mbtproject/mbt

31. Things to avoid in Terraform modules

32. Exception: logical providers (template, random, local, http, external)
Providers in modules — bad

34. Provisioner — bad
Avoid provisioners in all resources

35. Provisioner — bad
Avoid provisioners even inside EC2 resources

36. Provisioner — bad
Avoid provisioners even inside EC2 resources

39. null_resource provisioner — good

40. Traits of good Terraform modules
Documentation and examples
Feature-rich
Sane defaults
Clean code
Tests
Read more: http://bit.ly/common-traits-in-terraform-modules

41. - [x] How to write modules
- [x] Do not write, if possible
- [x] Do not use: providers and provisioners
- [ ] How to use modules

42. How to use Terraform modules
Many resources, many modules
How to organize and use them?
How to orchestrate them?

43. All in one
Good:
Declare variables and outputs in
fewer places
Bad:
Large blast radius
Everything is blocked at once
Not possible to specify dependenies
between modules (depends_on)

44. 1-in-1
Good:
Small blast radius
Possible to chain calls
Faster and easier to work with
Bad:
Declare variables and outputs
in several places

45. How is it in your project?
"All in one" or 1-in-1 ?

46. Correct
Most frequent answer:
"somewhere in between" + "it depends"

47. What about orchestration in your project?
-target
Makefile
…

48. Orchestration in Terraform

49. Do not try this at home!

50. Orchestration = Terragrunt
https://github.com/gruntwork-io/terragrunt/

51. Orchestration = Terragrunt

52. Orchestration = Terragrunt

53. Orchestration = Terragrunt

54. Orchestration = Terragrunt

55. Orchestration = Terragrunt
tfvars can’t contain dynamic values :(

56. Orchestration = Terragrunt
tfvars can’t contain dynamic values,
so I fixed it :)

57. before_hook + shell-script
See this: https://github.com/antonbabenko/modules.tf-lambda/blob/master/
templates/terragrunt-common-layer/template/common/scripts/
update_dynamic_values_in_tfvars.sh
Or try it yourself by using cloudcraft.co

58. Edge cases
Different AWS regions (S3 signature, EC2 ClassicLink, IPv6)
Age of AWS accounts
Limits in AWS

59. Avoid in Terraform
Non-sensitive arguments in CLI. Put them in tfvars file.
• -target
• -parallelism
Terraform workspaces => Separate directory
Dependency hell in modules

60. - [x] How to write modules
- [x] How to use modules
- [x] 1-in-1 much better over time
- [x] Orchestration = Terragrunt
- [x] Dynamic values in tfvars
- [ ] What is next?

61. Terraform 0.12
HCL2 — simplified syntax
Loops ("for")
Dynamic blocks ("for_each")
Correct operations of comparison (… ? … : …)
Extended types in variables
Templates in string values
Links between all resources everywhere (depends_on)
Read more — https://www.hashicorp.com/blog/terraform-0-1-2-preview

62. Summary
Write less and simpler — Terraform 0.12 will not fix your code for you
Use existing modules and tools

63. BONUS

66. cloudcraft.co features
Manage AWS components in browser (EC2 instances, autoscaling groups, RDS,
etc)
Connect components
Import live AWS infrastructure
Calculate the budget
Share link to a blueprint
Export as image
Embed drawing to wiki, Confluence, etc

69. Infrastructure as code generator — from visual diagrams to Terraform

70. ✓ cloudcraft.co — design, plan and visualize
✓ terraform-aws-modules — building blocks of AWS infrastructure
✓ Terraform — infrastructure as code

71. modules.tf notes
✓ Available for all users: https://cloudcraft.co/
✓ Generates potentially ready-to-use Terraform configurations
✓ Suits best for bootstrapping
✓ Enforces Terraform best practices
✓ Batteries included (terraform-aws-modules, terragrunt, pre-commit, …)
✓ 100% free for all & open-source (https://github.com/antonbabenko/
modules.tf-lambda )
✓ Want to sponsor, or a sticker? Contact me.

72. modules.tf demo

73. Thanks to my supporters!

74. Cloudcraft — the best way to draw AWS diagrams
cloudcraft.co

75. Thanks!
Questions?
In progress — www.terraform-best-practices.com
github.com/antonbabenko
twitter.com/antonbabenko