Cloud Compliance & Management with Terraform - Benefits of the Private Module Registry
Apr 01, 2020
What is a Terraform Module and how does having a private, internal module registry benefit your organization?
- Corrigan NeralichSolutions Engineer, HashiCorp
We have talked about how Terraform Enterprise can solve some of the initial challenges that organizations face when adopting Terraform at large, which includes security challenges: How do we secure our credentials or sensitive API credentials, ensuring that our state files are encrypted and we limit access accordingly? And how do we codify policies that represent best practice to enforce prescriptive workflows and enforce best practice for our organization?
The next challenge that comes with adopting Terraform across multiple business units internally is, How do we increase efficiency?
We don't want everyone to face the same steep learning curve when it comes to adopting a new tool. We want to make sure that we're keeping our code DRY, adhering to the best practice of "Do not repeat yourself."
Dealing with discoverability and consumption in Terraform
Invariably what organizations start to do is decomposing monolithic infrastructure into reusable modules or templates that teams can consume in future projects to reduce the amount of time it takes to launch a project or to deploy infrastructure.
One of the key challenges that starts to arise after you have begun modularizing is discoverability and consumption. You have lots of different modules that do either very specific things or might do quite a number of things.
And the individuals internally that you bring on board, with varying degrees of familiarity with Terraform, face 2 challenges.
The first is, How do I find which modules exist? How do I know which modules my team has built? How do I find them, and how do I understand what it is that that module does?
The second challenge is, How do I then consume these modules? How do I start incorporating them into my own configuration files so that I can go deploy this infrastructure?
Historically what we see is organizations place these modules into sub-folders in mono repos. And the best way for individuals to discover these things is to click into each folder, examine the code, and come to an understanding of what exactly this module does, what are the required inputs, what kind of outputs are provided?
That can be quite challenging and doesn't scale and isn't as efficient as would be desired.
Terraform Enterprise offers a solution
In Terraform Enterprise, we solved this in a very elegant way. We give you the ability to provide for your organization what we call the private module registry. This is a centralized module catalog where your team can, in a single place, see exactly which modules exist that have been built out by your code producers within your organization.
They can see at a very granular level what these modules do, what are the required inputs, what are optional, what are the available outputs.
But taking it one step further to the consumption pieces, you face that challenge of, I now know where these are and what they do; how do I incorporate them?
A shopping cart for modules
Within the Enterprise solution, we have what we call the design configuration tool. This is a shopping cart for modules. Any individual can go in and select which modules they need, and from right there within the GUI itself, they can be solicited for inputs relevant to those modules.
After they've provided those inputs, they receive a pre-formatted block of Terraform code that they can incorporate into their project. So without this individual really having to have a deep understanding of the underlying configurations and all of the Terraform code, it becomes very easy for him or her to find these modules, select which ones they need based on what those modules do, and ultimately start incorporating them into their projects to go deploy that infrastructure.
Now of course all of this would be flowing through the exact same workflow that we described earlier. Each of these projects would in turn have its own workspace, its own RBAC, its own security layer, as well as its own Sentinel policies.
Guardrails for teams
With this great enablement that you've provided by opening this tool up to multiple individuals internally, you can ensure that you still have those guardrails in place so that they're not doing anything that you wouldn't want them to do.
As we've shown, many challenges arise when adopting Terraform open source at scale across organizations, and Terraform Enterprise provides many solutions to those challenges to help address the security, workflow, and discoverability and consumption challenges that organizations invariably face. To learn more, visit app.terraform.io.