In today’s hybrid and multi-cloud world, there has been an explosion of new applications, tools, and services that organizations can now use to become more efficient. But as the number of providers and services used increases, it gets increasingly harder for clients to manage their infrastructure across public clouds and on-premises infrastructure. The effort to build and maintain these will push far beyond the capacity of humans to support, magnifying organizational risk and complexity.
This new landscape prompts the need for more effective Infrastructure Lifecycle Management that uses automation to build (Day 0), deploy (Day 1), and then manage (Day 2+) infrastructure over time:
- Day 0 represents the initial provisioning of the infrastructure resources in question. It’s “0” (zero) in that nothing else can be done to said infrastructure before it even exists.
- Day 1 refers to what happens after a unit of infrastructure is provisioned. It focuses on how a particular set of resources are configured.
- Day 2+ refers to the ongoing management and optimization of infrastructure after it is provisioned and configured. This includes health monitoring to ensure infrastructure stays in its desired state and decommissioning once it is no longer needed.
HashiCorp Terraform is widely adopted for Day 0/1 CRUD operations, offering a declarative, reproducible, and version-controlled approach to infrastructure provisioning. However, organizations adopting hybrid cloud infrastructure quickly find that effectively managing infrastructure over time requires much more than just initial provisioning.
This post will look in depth at a new feature — Terraform actions — that brings Day 2 operations that were previously handled outside of Terraform into its workflow.
»Deployment isn't the finish line
After working with thousands of the world’s largest organizations, one theme is clear, the biggest infrastructure risks come after deployment.
While Day 0 and Day 1 are essential to building a solid foundation for your infrastructure, the majority of the work and effort arises during ongoing maintenance. Some common Day 2 infrastructure pain points we see are:
- Operational burdens: Manual updates, patches, and decommissioning across different environments and fragmented toolsets
- Security risks: Difficulty keeping infrastructure compliant and secure over time
- Cost challenges: Managing long-lived unneeded resources that quietly drive up spend
While HCP Terraform already serves as a powerful tool for ongoing infrastructure management, providing capabilities such as drift detection, continuous validation, and standardized module revocation, a number of Day 2 operational tasks are still handled outside of Terraform.
This can lead to fragmented workflows and increased overhead, as it becomes difficult to maintain a single source of truth when changes take place across different systems. This has prompted the need for a better way to trigger external operations during a Terraform run without leaving the Terraform workflow.
»Standardizing Day 2 operations
Terraform actions introduce a way to codify and automate Day 2 infrastructure operations by triggering third-party tools outside of Terraform. Built directly into Terraform providers, actions provide preset operations that extend Terraform’s automation capabilities for common Day 2 tasks. These actions can be invoked before or after a resource's lifecycle events, such as create or update, or ad hoc via the CLI terraform apply -invoke command. By codifying more Day 2 operations, organizations can reduce operational costs and accelerate delivery by automating previously manual, error-prone tasks. Actions provide two major benefits for Terraform users:
- Unified Day 2 management: Module authors can define Day 2 infrastructure operations in code alongside the rest of their infrastructure — offering a clear association between Day 2 actions and managed resources — and optionally invoke the operations with lifecycle triggers.
- Native workflow: By bringing more Day 2 infrastructure operations within Terraform, users can extend its utility by unifying more operations in one control plane. This ensures consistency and brings teams closer to having a single source of truth for all infrastructure.
»Terraform actions examples
The Terraform actions beta announcement included a number of new actions built into providers such as AWS, Microsoft Azure, and the Red Hat Ansible Automation Platform (AAP):
»AAP
Terraform and Ansible are two of the most widely used tools in infrastructure management. With Terraform serving Day 0 infrastructure provisioning needs and Ansible excelling at configuration management, together they form a solid foundation for standing up infrastructure.
The Terraform action built for the Red Hat Ansible Automation Platform (AAP) provider is able to dispatch an event that triggers AAP’s Event Driven Ansible (EDA) capability to run dynamic automation workflows from Ansible, all with just one Terraform apply. This interconnectivity helps unify your infrastructure toolset and reduce friction across Day 2 operations.
»AWS
In AWS environments managed by Terraform, a number of Day 2 tasks emerge that often require teams to switch to the AWS console. Some examples include manually invoking Lambda functions, creating invalidation requests for CloudFront’s cache, or sending alerts and notifications via SNS. With actions, Terraform users are able to accomplish all of these tasks and more, without leaving Terraform workflows.
»Azure
Similarly in Microsoft Azure, tasks often require teams to switch to their Azure portal dashboard, such as power cycling virtual machines. With Terraform actions, users can accomplish these tasks from the Terraform CLI or standard Terraform plan/apply workflows.
»Getting started with Terraform actions
Terraform actions marks another step in our continued effort to help simplify Day 2 infrastructure workflows for Terraform users. For more information on getting started, please refer to the Invoke actions documentation.
New to Terraform? Get started with HashiCorp-managed HCP Terraform for free to begin provisioning and managing your infrastructure in any environment.
