Definition

Terraform

By

Rahul Awati
Alexander S. Gillis, Technical Writer and Editor

What is HashiCorp Terraform?

HashiCorp Terraform is an infrastructure as code (IaC) software tool that allows DevOps teams to automate infrastructure provisioning using reusable, shareable, human-readable configuration files. The tool can automate infrastructure provisioning in both on-premises and cloud environments.

infrastructure as code (IaC) features — Infrastructure as code software like HashiCorp's Terraform translates a data center's physical resources, services and discrete configurations into code. This enables IT teams to automatically provision and manage those resources.

Infrastructure as code and Terraform

Infrastructure as code is the practice of provisioning and managing IT infrastructure through programming. In contrast to manual infrastructure management where each required resource is manually configured by a human, IaC allows DevOps teams to programmatically and automatically manage, monitor and provision the resources they need.

Using Terraform, teams can describe and provision all the components of the infrastructure in the form of code. The code resides in configuration (config) files that can be easily shared, reused and versioned. The files help create a consistent workflow to manage the entire cloud or data center infrastructure and its resources throughout their lifecycle.

Terraform's config files are declarative, that is, they describe the infrastructure's end state. The tool itself handles the underlying logic eliminating the need to write step-by-step instructions -- a cumbersome and time-consuming process -- to create the required infrastructure resources.

The files codify the application programming interfaces (APIs) for cloud platforms and other services, making it easy for DevOps teams to do the following:

Provision resources from any cloud provider.
Implement security and compliance guardrails to standardize the infrastructure.
Utilize standardized and reliable workflows for consistent infrastructure provisioning, collaboration and reuse.
Integrate the self-service infrastructure with VCS, ITSM and CI/CD.

Terraform can manage infrastructure components, including compute, storage and networking resources, and high-level components like DNS entries. It can also be used to automate the provisioning of firewall policies, databases and servers. A Cloud Development Kit for Terraform (CDKTF) is available to help teams manage infrastructure with their preferred programming language, including TypeScript, Python, Go, C# and Java.

How Terraform works

Terraform uses APIs to automatically create and manage infrastructure resources. All major cloud providers provide accessible APIs that work with Terraform and enable the tool to create declarative configuration files. These providers are listed in the Terraform Registry. The Registry also lists the modules, policy libraries and tasks that teams can use to quickly deploy common infrastructure configurations and automatically manage them via code.

HashiCorp Terraform screenshot — Terraform allows IT teams to create sustainable infrastructure as code.

Terraform's workflow occurs in three stages. In stage 1 (write), a user defines the required resources in configuration files. These resources may be across multiple on-premises or cloud environments, and multiple providers and services. Once the user reviews and confirms the required stages, the next stage (plan) begins. Here Terraform creates an execution plan describing the actions it will take to create or update the infrastructure.

The user must approve the plan before Terraform will make changes to the infrastructure. After approval, Terraform performs the proposed operations in the given order (stage 3 – apply). It will always check resource dependencies before making changes. For instance, if a user changes the number of VMs in a VPC (virtual private cloud), Terraform will first recreate the VPC and then scale up the VMs.

HashiCorp Terraform screenshot showing the use of modules — IT teams can use modules -- self-contained configuration package (prebuilt or created by the user) -- to streamline the use of Terraform.

Benefits of Terraform

Terraform makes it easy to automate infrastructure provisioning on any cloud or data center. It also tracks all changes in a state file. The file can be committed to a version control system (VCS) and acts as a source of truth for the infrastructure. It thus provides more transparency and prevents unauthorized changes.

Also, Terraform handles the underlying logic when resources are created, removing the need for human input or effort. It also determines resource dependencies with a resource graph and can create or modify nondependent resources in parallel. All of this ensures that resources are provisioned properly, efficiently and in the correct order.

Teams can collaborate and manage Terraform workflows using Terraform Cloud. They can run Terraform in a consistent environment and securely access shared state and secret data. Additionally, they can implement role-based access controls (RBACs) to standardize and secure the infrastructure, and use a private registry to share modules and providers.

HashiCorp Terraform best practices — A few best practices to keep in mind when using HashiCorp Terraform.

Common use cases for Terraform

The most common use case for Terraform is IaC. The infrastructure deployments created with Terraform can be easily integrated with existing CI/CD workflows. The tool is also useful in other ways. For example, teams can use Terraform to automatically update load balancing member pools and other key networking tasks.

Terraform is also useful for multi-cloud provisioning. With Terraform, development teams can deploy serverless functions in AWS, manage Active Directory (AD) resources in Microsoft Azure, and provision load balancers in Google Cloud. They can also use Terraform (with HCP Packer) to create and manage multi-cloud golden image pipelines and deploy and manage multiple virtual machine (VM) images.

Some other use cases for Terraform include the following:

Manage Kubernetes clusters on any public cloud (AWS, Azure, Google).
Enforce policy-as-code before infrastructure components are created and provisioned.
Automate the use of secrets and credentials in Terraform configurations.
Codify existing infrastructure by importing it into an empty Terraform workspace.
Migrate state to Terraform to secure it and easily share it with authorized collaborators.

Terraform editions

Terraform is available in three versions: Open Source, Cloud and Enterprise:

Terraform Open Source

Terraform Open Source is a free tool to adopt IaC and provision infrastructure on any cloud provider. The tool automatically manages configuration, plugins and state, and adds all config files into a VCS to safely manage and track changes. It also includes templates called modules to speed up infrastructure deployment and group it into logically related components.

Terraform Cloud

Terraform Cloud is a SaaS tool that runs in a stable, remote environment and securely stores state and secrets. It provides a rich user interface, RBACs, a private registry and an API to integrate it into existing workflows. Teams can publish their configuration modules (that define approved infrastructure patterns) in the private registry. They can also enforce security rules with the Sentinel embedded policy-as-code framework. The tool connects to common VCS like GitHub, GitLab and Bitbucket. It can be integrated with the Terraform CLI.

Terraform Enterprise

Terraform Enterprise is suitable for teams looking to set up a self-hosted distribution of Terraform Cloud and for organizations with strict security and compliance requirements. This version supports air gapped and active-active architectures and allows private networking. HashiCorp provides dedicated support to set up a private instance of Terraform using Terraform Enterprise.

Explore the differences between Ansible versus Terraform versus Vagrant infrastructure as code automation platforms. Learn how to manage multiple environments with Terraform workspaces. Check out this Terraform Registry tutorial to build and share modules.

This was last updated in August 2023

Continue Reading About Terraform

Terraform cheat sheet: Notable commands, HCL and more

Compare Azure Bicep vs. Terraform to provision infrastructure

Deploy an app on Google Cloud Run with Terraform

Deploy and manage Azure Key Vault with Terraform

How to launch an EC2 instance using Terraform

Dig Deeper on Systems automation and orchestration

Software Quality

Amazon Bedrock users adapt app dev to GenAI
Early adopters of Amazon Bedrock shared lessons learned about incorporating generative AI into software engineering workflows, ...
Positive vs. negative testing: Differences and examples
Take an in-depth look at positive and negative testing. Learn how to use both to form the basis of a thorough testing approach ...
The 7 stages of the SDLC explained
The development process can be broken into seven distinct phases that transform high-level plans into production-ready software. ...

App Architecture

Using bounded context for effective domain-driven design
Domain-driven design helps organizations develop software focused on key business needs. But to do so, architects need to ...
Object-oriented vs. functional programming explained
While plenty of developers entertain the idea of adopting a functional programming model, it's important to first know exactly ...
The 5 SOLID principles of object-oriented design explained
In this primer on SOLID, we'll examine the five principles this development ideology embodies, the practices they encourage and ...

Cloud Computing

6 best practices for a cloud-first strategy
Adopting a cloud-first strategy requires careful consideration to ensure affordability and optimal performance. Implement a ...
Troubleshooting 7 common errors in AWS CloudFormation
Errors can occur when an AWS developer builds a CloudFormation template, launches a stack or rolls back an update. Prevent and ...
Explore CASB use cases before you decide to buy
CASB tools help secure cloud applications so only authorized users have access. Discover more about this rapidly evolving ...

AWS Control Tower aims to simplify multi-account management
Many organizations struggle to manage their vast collection of AWS accounts, but Control Tower can help. The service automates ...
Break down the Amazon EKS pricing model
There are several important variables within the Amazon EKS pricing model. Dig into the numbers to ensure you deploy the service ...
Compare EKS vs. self-managed Kubernetes on AWS
AWS users face a choice when deploying Kubernetes: run it themselves on EC2 or let Amazon do the heavy lifting with EKS. See ...

TheServerSide.com

Use sealed classes in Java to control your inheritance
Need to limit the number of possible subclasses in your codebase? Here comes Java's sealed classes to your rescue.
Know how and when to use blockchain vs. distributed ledgers
Blockchain and distributed ledgers are similar but not quite synonymous. Learn their differences and how they are used, including...
Consider these 6 factors to decide when to quit your job
Unsure if you're truly ready to quit your job? Consider these tips and questions to help you decide to move to a new role, ...

How to maintain data center power systems
Regular maintenance of data center power systems is necessary to have properly functioning equipment and backup power options. ...
How to calculate data center cooling requirements
Data center cooling requirements are affected by several factors, including the equipment's heat output, floor area, facility ...
Lenovo, AMD broaden AI options for customers
Lenovo is expanding its partnership with AMD to bring more options for servers and HCI devices aimed at AI. It also launched an ...

Close