Terraform - Up and Running: Writing Infrastructure as Code

Product Information

I read the first edition of this book, so the terraform version is a little dated, making the exercises hard to follow at times. Also goes to show how fast terraform is evolving and not even yet hit the first leading major version, I.e., 0.* version only. The other challenge was also the intro of terragrunt, by the author, which made an entry and then disappeared later on, making it hard to follow the tutorial style text. There are several ingredients to setting up a secure CI / CD pipeline for Terraform. The first ingredient is to handle credentials on your CI server securely. The 3rd edition of the book adds examples of using environment variables, IAM roles, and arguably the most secure option of all, OpenID Connect (OIDC). Chapter 6 includes an example of using OIDC with GitHub Actions to authenticate to AWS, via an IAM role, without having to manage any credentials at all: # Authenticate to AWS using OIDC Well written - Brikman is clearly an experienced writer and this practice shows. The book is enjoyable to read while presenting dense technical content.

For instructions on running the code, please consult the README in each folder, and, of course, the There's also an open-source effort at https://github.com/brikis98/terraform... to port for GCP and Azure (at the time of writing this).

Table of contents

It's a pretty good book to get you started with Terraform. It provides great best practices for using Terraform in your company you couldn't find in one place anywhere else.

Therefore, except for a few niche cases, I recommend the cloud native approach. This is also the approach that Terraform is designed for: you can use Terraform with multiple clouds, but you have to write separate code for each cloud, using the providers and resources native to that cloud. Therefore, even for multi-cloud deployments, it’s unusual to build a single Terraform module that deploys into multiple clouds (that is, uses multiple different providers in one module); it’s much more common to keep the code for each cloud in separate modules. Currently, this is the best introduction into Terraform that is on the market. It isn't perfect, but this book does a really good job at taking someone who has never installed Terraform or used it and getting them up to what I would call "intermediate" level of knowledge. I actually interviewed for several DevOps jobs that required Terraform experience by solely reading this book and following along with the tutorials. It covers all the main Terraform concepts and I was able to even impress my interviewers based off the knowledge from this book.

Even though you can find most of the information online in docs or online articles, in the book such information is well structured and complicated topics are brought one by one without overwhelming the reader with complexity. This book is more than enough to help you set up Terraform in your projects on a decent level and start using it in production. AWS examples only. Minor nit here, but it’s kind of a bummer that the examples in the book and on github are aws only. I can’t blame the author here, since the point is Terraform, not your favorite provider X. If you want an other provider, you'll have to manage yourself and probably won't benefit **that much** from the book. Terraform Up and Running is a great introduction and guide to becoming "able" with terraform to server provision with AWS.

The second ingredient is to strictly limit what the CI server can do once it has authenticated: for example, in the OIDC snippet above, you’ll want to severely limit the permissions in that IAM role. But then how do you handle the admin permissions you need to deploy arbitrary Terraform changes? Inclusion of problems. I’d love to have an “Extra for Experts” of challenges for readers to solve to solidify their knowledge.

Update the code to work with the current version of Terraform. Providers are now separated from the main repository and the way terraform init works has changed slightly.