Terraform cloud is a cloud infrastructure management tool that allows users to easily create and remotely manage their cloud infrastructure in a consistent and efficient manner. You can use it to manage cloud infrastructure, including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Why Terraform Cloud?
If you are already running your infrastructure using Terraform, here are some reasons why you should consider migrating to Terraform Cloud:
- it allows you to store your state remotely and provide easy access to shared state, secret data and access controls – you can add users and assign different permissions to them, i.e. owners or developers.
- you can manage infrastructure at scale, which means that users can easily manage large numbers of resources across multiple cloud providers and environments.
- you can utilise workspaces to manage your collections of infrastructure – this allows to manage multiple resources, as well as grant individual users and user groups permissions for each workspace. You can read more about how to take advantage of workspaces features (here).
- allows store sensitive variables securely – you can store your variables in variable sets and apply them to all workspace or overwrite the values on a workspace level.
- do it your way – you can manage Terraform runs through 3 different workflows:
UI/VCS driven workflow
Here you are connecting your VCS to Terraform Cloud. Easily integrate version control such as GitHub,GitLab, BitBucket or Azure Devops and automatically initiate Terraform runs when changes are committed to the specified branch without the box triggers.
CLI driven workflow
You can use your standard Terraform CLI to trigger remote runs.
API driven workflow
You can manage and trigger runs through other tools by triggering calls to Terraform Cloud.
More about VCS workflows
Version Control Workflow in Terraform cloud is something worth spending a bit more time on when configuring your workspace. Here are a few things that I find useful about VCS config in Terraform Cloud:
- initiating speculative plans every time a PR is created against the default branch (this is set up by default so you don’t have to do anything)
- once PR is merged this will trigger plan and apply, however by default apply will require manual approval.
You have various triggers to choose from, and this is where you can really customise your deployment triggers:
- pattern based triggers (recommended)
Use glob patterns to select which changes should trigger runs and ignore others, ie:
/submodule/**/*.tf if you only require a run when .tf in submodule files were changes or
/networking/**/* any changes in the files that have networking in their path will trigger a run
- Prefix based triggers: where you select which directory
path should be tracked and trigger a run. One of the examples here would be to track changes in modules directory in each workspace.
- git tag based triggers: run will only be triggered when indicated git tag is published.
It's worth noting that path based triggers are especially useful for monorepos. When setting up your Terraform Cloud organisation and workspaces it is good to assess and implement triggers that are right for your use case.
Migrate your existing Terraform infrastructure to Terraform Cloud
First lets start with prerequisites:
After making sure we have our Terraform Cloud account ready, let’s migrate existing state to Terraform Cloud:
- Replace your backend config with:
Log in to terraform cloud in the CLI by running:
terraform login. You will be taken to Terraform Cloud website where you will create API token, that you need to copy and paste in your command line.
- (optional) Set up version control. You can set this either for workspace or for the whole organisation.
- Set up correct working directory i.e.
- After verifying that Terraform migrated your state to Terraform Cloud, remove your local state file.
- (optional) Create variable sets with variables that are shared across organisation (note that these can still be overwritten in workspace if necessary)
- (optional) Migrate workspace .tfvars variables and assign them values in Terraform Cloud.
What about the cost?
We often hear that migrating to Terraform Cloud will be costing organisations a lot, however, this definitely wouldn’t be the case if you are working in a small team, and do not need access to advanced features such as team management and Policy as code (Sentinel policy as code). You can utilise the free plan, which allows up to 5 users. This way your organisation will have an opportunity to assess whether Terraform Cloud is the right tool without incurring any cost.