31 posts tagged with "Terraform"

Terraform has providers for AWS, Azure, GCP, Kubernetes, and hundreds of other services. But what happens when you need to manage resources in an internal API that no public provider supports? You write your own. Custom providers let you bring any API — your internal service catalog, a custom DNS system, or a configuration management platform — into the Terraform workflow. And the best part: the Terraform Plugin SDK v2 makes it surprisingly approachable.

You write perfect Terraform code. You apply it. Your infrastructure matches your configuration exactly. Then, two weeks later, someone logs into the AWS Console and changes a security group rule because "it was faster." Now your code says port 443 only, but reality says ports 443 and 8080. This gap between your Terraform code and actual cloud state is drift, and it is the silent killer of infrastructure as code.

Every team eventually needs the same infrastructure in multiple environments — development, staging, production. The configuration is 90% identical, but the instance sizes, replica counts, and domain names differ. Terraform provides no built-in "environment" concept, so the community has developed three approaches. Each has trade-offs, and picking the wrong one for your team size and complexity leads to pain that compounds over time.

Running Terraform from laptops and self-hosted CI works until your team hits 10 engineers and 20 state files. At that point, you spend more time managing the Terraform workflow than the infrastructure itself — who has access to which state, where are credentials stored, how do you enforce policies, and who approved that apply? Terraform Cloud (TFC) is HashiCorp's answer: a managed platform that handles state, execution, policies, and collaboration. But it comes with trade-offs in cost, flexibility, and vendor lock-in.

A well-designed Terraform module is a force multiplier — one module can standardize infrastructure across 50 teams and prevent the same misconfiguration from happening twice. A poorly designed module is a different kind of multiplier: it spreads complexity, creates tight coupling, and makes every change a breaking change. The difference comes down to design patterns. Terraform does not have classes or inheritance, but it has something better: composition.

Terraform state is the single source of truth for what Terraform manages. When you refactor your code — rename a resource, move it into a module, split a monolith into separate state files — the state needs to match. If it does not, Terraform sees a "delete old thing, create new thing" plan instead of recognizing it as the same resource with a new address. State surgery is how you fix that mismatch without destroying and recreating production infrastructure.