Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Best terraform practices :
- 1) One of the most important things in terraform is to manage terraform state file. Ensure that the state is managed in the remote backend. e.g. s3 bucket
- 2) Let's say you have DEV, UAT, QA, PROD env. So keep completely separate working directories, keep one for each environment. For each working directory, maintain a separate configuration file and all. This way you can manage complete isolation for your environments.
- 3) Make use of terraform taint command to modify your resources which are already created by terraform.
- 4) Make use of terraform modules so that you can reuse the code
- 5) If multiple developers are working on terraform then to keep standardization about the code, keep private module registry in terraform cloud and inform developers to reference them.
- 6) Always make use of the terraform version to be fixed. e.g. "required_version >=0.12". This will make sure that everyone has the same version of terraform.
- 7) Use terraform console command to have an interactive UI with full access to the underlying terraform state to run your interpolations , and debug at real-time
- 8) If you have already created an environment which is not provisioned by terraform and you want to integrate the existing environment then make use of terraform import command to import each resource one by one.
- 9) If you are using terraform enterprise edition, enable sentinel, and write Policy-As-Code rules that will check for non-compliant resource provisioning , and prevent/report them.
- 10) Standard workflow is to write the terraform code, run terraform plan to check the changes , and run terraform apply to provision the infra.
- 11) Make use of terraform fmt to enable syntax level formatting and also use --recursive flag enabled to ensure that all child directories are also properly formatted along with parent directory
- 12) Enable terraform state locking for the S3 backend using DynamoDB table. This prevents others from acquiring the lock and potentially corrupting your state. Also enable versioning in s3 bucket
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement