Organizations of all sizes are adopting cloud-based services for application workloads. Using cloud-based services enables development teams to operate with a much greater degree of independence from the underlying operational constraints of infrastructure. For most organizations, this means navigating the transition from a relatively static pool of homogeneous infrastructure in dedicated data centers to a distributed fleet of servers spanning one or more cloud providers. We believe the best way to provision cloud-based infrastructure for these organizations is to take a collaborative approach, where teams of operators can all use infrastructure as code to create and manage the infrastructure.
HashiCorp Terraform enables you to safely and predictably write, plan, and provision infrastructure as code, creating the core workflow for provisioning. Organizations then use Terraform Enterprise to enable collaboration and govern the responsibilities between that organization’s different teams, roles, applications, and deployment tiers.
This is a journey, and not every organization can jump directly to practicing collaborative infrastructure as code. It’s built on top of many other IT best practices, like using version-controlled infrastructure with GitHub and preventing manual changes. Organizations need to adopt these foundations before they can practice a collaborative infrastructure as code workflow. To help organizations navigate this transition, we have written a comprehensive Terraform Recommended Practices guide in collaboration with Contino.
Amidst this transition to cloud, there are two types of challenges every organization faces when trying to improve their provisioning practices: technical complexity and organizational complexity.
Technical complexity refers to the heterogeneity operators have to deal with when provisioning IaaS, SaaS, and PaaS from various providers (private cloud, public cloud, and external services). This technical complexity makes it difficult for enterprises to scale infrastructure quickly or use infrastructure best suited to their workloads.
Terraform addresses this complexity by providing one workflow to provision resources on any provider. It uses a single core engine to read infrastructure as code configurations and determine the relationships between resources, then uses many provider plugins to create, modify, and destroy resources on the target infrastructure providers.
As infrastructure scales, it requires more teams to provision and manage it. For effective collaboration, it’s important to delegate ownership of infrastructure across these teams and empower them to work in parallel without conflict. This approach can decompose infrastructure in much the same way development teams transitioned from monolithic applications to microservices to manage scale. Infrastructure teams are transitioning from monolithic infrastructure to specific infrastructure workspaces (networking, storage and compute, monitoring, etc.) to efficiently manage infrastructure at scale.
Terraform Enterprise provides collaboration and governance functionality to safely manage infrastructure at scale. Workspace management enables a team of operators to connect to version control where infrastructure repositories are maintained, collaborate to create and update infrastructure, and perform Terraform runs. To enable governance of infrastructure at scale, Terraform Enterprise allows the codification of provisioning policies using HashiCorp’s Sentinel policy as code framework. Policies are applied during a Terraform run to ensure infrastructure is compliant with business policy before provisioned.
Before you can implement collaborative infrastructure as code workflows with Terraform Enterprise, you need to understand which practices you’re already using, and which ones you still need to implement.
The full documentation includes a set of questions to properly identify your operational maturity as it relates to infrastructure provisioning. This helps in identifying the next steps for your organization to move forward. The levels of operational maturity include: manual, semi-automated, infrastructure as code, and collaborative infrastructure as code.
This blog is an introduction to the complete Terraform Recommended Practices guide. Our goal for the guide is to meet organizations where they are today in their journey to collaborative infrastructure automation, and help them move on to the next stage of operational maturity. For example, if you are primarily provisioning infrastructure manually, your first goal is to begin using Terraform open source in a small, manageable subset of your infrastructure. Once you’ve gotten some initial success using Terraform, you’ll have reached the semi-automated stage of provisioning maturity, and can begin to scale up and expand your Terraform usage.
This guide is a collaboration between HashiCorp and one of our system integration partners, Contino, who has expertise working with organizations at many different levels of organizational maturity with respect to collaboration, infrastructure as code, and Terraform.
For more information on Terraform Enterprise or to get started with your free trial, visit the Terraform product page.
AWS Control Tower Account Factory for HashiCorp Terraform (AFT), the evolution of Terraform Landing Zones, offers an easy way to set up and govern a secure, multi-account AWS environment.
During 2021, HashiCorp and Amazon Web Services have partnered to bring hundreds of new services and features to the Terraform providers for AWS and AWS Cloud Control.
Visit us at AWS re:Invent 2021 in Las Vegas, Nov. 29 - Dec. 3 for breakout sessions, expert talks, and product demos to accelerate your cloud strategy.