
The Good and the Bad of Terraform Infrastructure-as-Code Tool

In the past few years, many organizations have migrated their IT resources from on-prem installations to the cloud, pursuing multiple benefits such as cost-effectiveness, streamlined operations, and unlimited scalability, to name just a few.  

The cloud enables companies to build intricate software, quickly update it, and make it instantly accessible to millions of users. Yet advancements lead to new obstacles. With the increasing number of services, business operations, and interactions, the IT infrastructure that supports them also grows in size and complexity. Companies can no longer manage IT resources manually, so they employ Infrastructure as Code (IaC) tools for automation.

Among various solutions available, Terraform stands out as one of the most popular and effective instruments. In this article, we'll delve into Terraform's capabilities, highlight its strengths and weaknesses, consider similar tools, and guide those interested in starting with Terraform.

What is Terraform?

Terraform is an open-source IaC solution created by HashiCorp and primarily employed by DevOps teams. According to the State of IaC 2023 report, it’s the most widely-used solution to manage cloud resources. But before diving into the secrets of Terraform’s popularity, let's learn its specific terms.

Resources in Terraform are infrastructure objects—for example, networks, virtual machines (compute instances), or DNS (domain name system) records.

Providers are plugins that enable interaction with cloud providers, SaaS providers, and other APIs. Without providers, Terraform can't manage any kind of infrastructure.

Modules are containers for multiple resources used together and are the main way to package and reuse resource configurations.

State refers to a critical component that stores information about managed infrastructure and configurations. It keeps bindings between objects in a remote system and resource instances declared in configuration.

Data sources allow Terraform to use information defined outside of Terraform, or by another separate Terraform configuration, or modified by functions. Each provider may offer data sources alongside its set of resource types.

Terraform can build, change, and version resources across the cloud-based and on-prem infrastructure. It handles various types of resources, ranging from low-level ones like storage and networking to higher-level components like SaaS applications.

Terraform is a fitting choice for organizations planning to implement a hybrid or multi-cloud environment due to its capability to employ the same configurations across various cloud providers.

How does Terraform work?

The core Terraform workflow comprises three stages.

Write. Here, an engineer declares the resources needed, which may span various cloud providers and services. In fact, you write Terraform configuration in your editor of choice like you would with code.

Plan. Terraform generates an execution plan describing the actions it will take—creating, updating, or destroying infrastructure—based on your configurations and the existing infrastructure.

Apply. After the engineer approves the changes, Terraform performs the planned operations in the proper order, respecting any resource dependencies.

The core Terraform workflow stages

In essence, Terraform creates a plan and asks for your confirmation before making any changes to your infrastructure. For a more in-depth understanding of the Terraform workflow, refer to this detailed guide.

Terraform's primary use cases

Here are some of the most common Terraform use cases.

Multi-cloud deployment. Terraform enables a unified workflow for multiple cloud providers handling dependencies between different platforms. This simplifies the management and orchestration of large-scale, multi-cloud infrastructures.

Software-defined networking. Software-defined networking (SDN) is a set of technologies that make it possible to manage networks via software. You can use Terraform to interact with SDN and programmatically configure networks based on the specific requirements of your application. This replaces ticket-based workflows that involve handling individual requests manually with an automated process, reducing deployment times.

Managing infrastructure for multi-tier applications. An application with a multi-tier architecture has separate layers for UI, databases, API servers, caching systems, and other system components. With Terraform, you can deploy, scale, and monitor the infrastructure supporting these various layers. The platform allows you to manage the resources in each tier together and automatically handles dependencies between layers. For example, Terraform will ensure the database tier is in place before provisioning the web servers that depend on it.

You can find out more about Terraform's other widespread use cases here.

The advantages of Terraform

The following is a list of Terraform's key strengths, demonstrating how the tool can simplify the complexities of managing IT resources.

Cross-platform portability

Terraform creates and manages resources on various platforms and services via their application programming interfaces (APIs). For this, HashiCorp, along with the Terraform community, has written thousands of providers (plugins). To find all publicly available options, visit the Terraform Registry.

Terraform has the capability, at least in principle, to manage any system that has an API. This means it's not limited to cloud services—it can also manage on-premises systems that offer API access for provisioning and configuration, like OpenStack, VMWare vSphere, and CloudStack.

Detailed documentation

Terraform documentation offers comprehensive and well-structured information that aims to provide guidance and reference material for users at different proficiency levels. It covers a wide range of topics, including steps for installation, configuration language, Terraform CLI, and more.

The documentation provides a solid foundation for understanding and employing Terraform efficiently, enabling users to create, manage, and maintain infrastructure adhering to best practices and recommended approaches.

A convenient way to describe infrastructure plus multi-language support

Terraform uses HashiCorp Configuration Language (HCL), created by HashiCorp and released in 2016. It shares similarities with JSON and YAML in terms of representing data in both human- and machine-readable formats. However, HCL was created specifically to write infrastructure configurations. It is more intuitive for describing various elements and has a more defined structure when compared to JSON or YAML.

Terraform has a CDK that allows using TypeScript, Python, Java, C#, and Go

Yet, those unwilling to learn HCL can use a familiar programming language to work with Terraform. The platform provides a Cloud Development Kit (CDK), allowing you to create configurations with TypeScript, Python, Java, C#, or Go.

Active community

Terraform has a large active community due to its open-source nature. For example, Stack Overflow features more than 18,600 Terraform-tagged questions, underscoring the tool's widespread popularity and indicating the likelihood of finding helpful solutions to diverse queries. Terraform's GitHub repository has received over 39,800 stars and drawn support from almost 1,800 contributors.

The platform also has a Community Forum that comprises active users willing to help and serves as a hub for covering various topics, including specific questions, practical use cases, and discussions about best practices.

Automation and ease of use

Terraform configuration files are declarative, which means they outline the desired final state of your infrastructure in human-readable form. You don't have to manually write out every step because Terraform figures it out for you, handling the underlying logic.

These configuration files can be stored, modified, and shared, allowing collaboration and version control.

Terraform modules for streamlined infrastructure management

Terraform supports modules that serve as containers for related resources to manage them as a single unit. The modules are shareable and can be reused across multiple deployments. This reduces duplication, speeds up deployment, and simplifies the management of complex environments.

You can either use publicly available modules from the Terraform Registry or develop your own.

The disadvantages of Terraform

While Terraform boasts significant advantages, acknowledging its limitations is crucial for a holistic view. Here, we'll uncover drawbacks and areas where Terraform might fall short.

Hard learning curve

Terraform's learning curve can be challenging, especially for those who are not familiar with IaC. Infrastructure involves a multitude of components with interdependencies. Terraform requires understanding these dependencies and how to efficiently manage them. Every infrastructure component has unique configurations and settings, which might also overwhelm newcomers.

Furthermore, achieving proper configuration within Terraform necessitates experience with a cloud provider's services, adding an extra layer of complexity.

Issues with partner plugins

Terraform has a list of official plugins that are owned and maintained by HashiCorp. Alongside these, there is a multitude of partner plugins written, maintained, validated, and published by other companies against their own APIs.

Using partner plugins introduces a dependency on third-party companies. This means that any alterations introduced in their updates may affect Terraform's compatibility with the latest features or services. Consequently, this could impose limitations or delays in adopting new functionalities.

Additionally, ensuring providers remain up-to-date with the services they engage with may be complex, especially when overseeing providers across large, distributed codebases. Updates or changes to the providers must be coordinated and applied consistently across different areas, which takes time and effort.
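One way to spot providers whose version constraints have diverged across a distributed codebase, as an added example that is not part of the original article. It uses a simplified regex reader for `required_providers` blocks rather than a full HCL parser; the file paths and the partner provider `example-partner/examplecdn` are placeholders.

```python
import re
from collections import defaultdict

# Constructed inputs (path -> HCL text). The paths and the partner provider
# "example-partner/examplecdn" are placeholders, not real projects.
CONFIGS = {
    "network/versions.tf": """
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}""",
    "app/versions.tf": """
terraform {
  required_providers {
    aws        = { source = "hashicorp/aws", version = ">= 4.0" }
    examplecdn = { source = "example-partner/examplecdn" }
  }
}""",
}

# Simplified matching: one `name = { ... }` entry per provider, no nesting.
ENTRY = re.compile(r'(\w+)\s*=\s*\{([^{}]*)\}')
ATTR = re.compile(r'(source|version)\s*=\s*"([^"]*)"')


def provider_constraints(configs):
    """Map provider source -> {version constraint (or None): [paths]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for path, text in configs.items():
        block = text.partition("required_providers")[2]
        for name, body in ENTRY.findall(block):
            attrs = dict(ATTR.findall(body))
            seen[attrs.get("source", name)][attrs.get("version")].append(path)
    return seen


def findings(configs):
    """List providers with no version constraint or with differing ones."""
    out = []
    for source, versions in sorted(provider_constraints(configs).items()):
        if None in versions:
            out.append((source, "unpinned", sorted(versions[None])))
        if len(versions) > 1:
            out.append((source, "inconsistent", sorted(v for v in versions if v)))
    return out
```

Calling `findings(CONFIGS)` on the constructed inputs reports the partner provider as unpinned and `hashicorp/aws` as carrying two different constraints.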

Complex state management

Terraform uses a state file to store the state of your infrastructure, track resources defined in your configuration, and map them to real-world components. Handling this state file requires that the state always be in sync with the infrastructure and that any changes to your system be made through Terraform, not outside of it. This means that external modifications or adjustments can lead to discrepancies.

If there's a mismatch between your state and configuration, Terraform will try to align your infrastructure, which may lead to unintentional destruction or recreation of resources. That's why it's crucial to maintain the state's accuracy, keeping team members on the same page.
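A pre-apply check for the failure mode described above, as an added example that is not part of the original article: it reads the JSON form of a saved plan (the output of `terraform show -json` on a plan file) and blocks any delete or replace that was not explicitly approved. The resource addresses and the `destructive_changes` and `gate` helpers are constructed for illustration.

```python
import json

# Constructed sample in the shape produced by `terraform show -json <planfile>`;
# the resource addresses are made up for illustration.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.main", "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["delete"]}},
        {"address": "aws_security_group.app", "type": "aws_security_group",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_route53_record.www", "type": "aws_route53_record",
         "change": {"actions": ["create"]}},
    ],
})


def destructive_changes(plan_json):
    """Return (address, kind) for every resource the plan would delete or replace."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue
        # A replacement is listed as delete plus create (in either order).
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc["address"], kind))
    return findings


def gate(plan_json, allowed=()):
    """Return (ok, blocked); ok is False if any destructive change is not approved."""
    blocked = [f for f in destructive_changes(plan_json) if f[0] not in allowed]
    return (not blocked, blocked)


if __name__ == "__main__":
    ok, blocked = gate(SAMPLE_PLAN, allowed={"aws_s3_bucket.logs"})
    for address, kind in blocked:
        print(f"BLOCKED: {kind} of {address} was not approved")
    raise SystemExit(0 if ok else 1)
```

Run as a script in a pipeline step between plan and apply, a non-zero exit stops the apply until someone reviews the listed resources.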

Terraform alternatives

When exploring tools similar to Terraform, you'll find a variety of solutions. This section navigates the most popular platforms and their capabilities.

Kubernetes vs. Terraform

Despite serving different purposes, Terraform and Kubernetes are often compared because they both play crucial roles in modern IT environments and relate to managing infrastructure, albeit at different levels.

Kubernetes (or K8s) is an open-source system designed to automate the deployment, scaling, and management of containerized applications. It organizes an application's containers into logical units, simplifying their setup and management.

In Kubernetes, configuration files are written in YAML or JSON. Although the languages differ, Kubernetes, like Terraform, takes a declarative approach to defining the configuration.

One of the major drawbacks of Kubernetes is its learning curve. Effectively deploying applications in Kubernetes demands a comprehensive understanding of its cluster architecture—internal components and mechanics that may require significant time to grasp. It's worth noting that you can use Terraform to provision and manage Kubernetes clusters.

To learn more, read our articles about the advantages and disadvantages of Kubernetes container orchestration and Docker containers.

Ansible vs. Terraform

Ansible is an open-source configuration management tool that uses YAML syntax. It can automate provisioning, application deployment, orchestration, and other IT processes but is mainly geared towards configuration management, while Terraform's primary focus is provisioning.

In contrast to Terraform's declarative approach, Ansible's YAML scripts are procedural. This means you must define precise step-by-step commands to achieve the desired configuration.

We previously discussed Terraform's challenge with state management, where a mismatch between your state and configuration can lead to unintentional destruction or recreation of resources. This discrepancy, known as "drift," is effectively handled by Ansible Playbooks. Configuration drift is a common challenge in large organizations caused by manual, unapproved, or unmonitored infrastructure changes. Upon detecting alterations, Ansible Playbooks notify the relevant personnel, enabling them to rectify the drift and return the system to its baseline. This feature aids in controlling the consequences of unintended changes in the system by consistently monitoring them.

AWS CloudFormation vs. Terraform

AWS CloudFormation is a free service that enables modeling, provisioning, and managing AWS resources. While it can also facilitate some third-party integrations, its core focus remains on handling infrastructures within AWS. This stands as the primary difference from Terraform, which operates as a multi-cloud platform.

You can use JSON or YAML in a declarative style to describe what AWS resources you want to create and configure. AWS CDK also supports provisioning in TypeScript, Python, Java, .NET, and Go.

Similar to Terraform's modules, AWS CloudFormation supports stacks that function as collections of AWS resources and are managed as a single unit. Resources in a stack can be reused and replicated in multiple environments.

For organizations invested in AWS and requiring native support, CloudFormation would be the optimal choice.

Pulumi vs. Terraform

Pulumi is an open-source IaC tool for creating, deploying, and managing cloud infrastructure. Like Terraform, it is a declarative tool and supports all of the major cloud providers.

Pulumi's approach to state management is similar to Terraform's. All resource input and output values are recorded as state and are stored in the Pulumi Cloud, a file, or a pluggable provider of choice. These raw values usually contain server names, configuration settings, etc. If they contain sensitive data, such as database passwords or service tokens, Pulumi ensures protection—the data is encrypted before being stored in the state file.

As we mentioned above, Terraform uses HCL and provides a CDK supporting TypeScript, Python, Java, C#, and Go. Pulumi has similar language choices to Terraform but includes JavaScript and .NET, while lacking compatibility with C#. Additionally, unlike Terraform's HCL, Pulumi uses YAML. Each language supports the entire surface area of all of the clouds available in the Pulumi Registry.

Getting started with Terraform

For beginners, Terraform provides comprehensive tutorials to acquaint them with the core principles of the platform and how to use it with different platforms—specifically, AWS, Microsoft Azure, Google Cloud, Terraform Cloud, Oracle, and the Docker container platform.

An interactive tutorial on how to create Terraform infrastructure with Docker, featuring step-by-step commands displayed alongside. Source: Terraform Tutorials

Designed in a step-by-step, interactive command-line format, these tutorials offer precise guidance on how to install Terraform; build, change, and destroy infrastructure; define input variables; query data; and store remote states.

You can also explore Terraform courses available on Udemy that offer comprehensive coverage of diverse topics.

A page with lessons on how to build, change, and destroy Azure infrastructure. Source: Terraform Tutorials

Additionally, Terraform's tutorial library covers some of the most common tasks and use cases. For example, you can learn how to enable health assessments for a workspace, use an on-demand analysis to detect configuration drift, and review the options for resolving drift.  

This post is a part of our “The Good and the Bad” series. For more information about the pros and cons of the most popular technologies, see the other articles from the series:
