An overview of DevOps with Terraform

Terraform by HashiCorp

Terraform advantages

Terraform is widely used for several reasons:

  • Declarative: it follows a declarative language, which avoids config drift and deploys only what has changed.
  • Pluggable: modules and resources help us connect to any cloud.
  • DevOps first: it follows DevOps best practices in your infrastructure.

Declarative vs Imperative

A common question is why declarative is better than imperative. Well:

  • Imperative: we describe step by step how we want to deploy our infrastructure, for example with CLI commands. This doesn't scale well, since you need to create custom scripts, and if a failure occurs during the process you need to re-run from the beginning.
  • Declarative: as with Terraform, you define the final state of your infrastructure using config maps. It scales faster and lets us keep track of where the issue occurred, so we can check that specific step.

Configuration Drift

No one wants configuration drift during DevOps operations. It means that our existing environment no longer matches our automation environment, and it is usually caused by the mutable infrastructure approach.

Terraform LifeCycle

Terraform enables you to automate and manage your infrastructure, platform, and services using a declarative language, taking advantage of infrastructure as code. Understanding the major phases of Terraform will therefore boost your knowledge while working with it.

Terraform lifecycle

Code Phase: Terraform allows you to parameterize your declarative file. You need to create a file called to instantiate your variables with a description, and a type if needed. The supported types are string, number, bool, list, or map. Here is an example of how it looks; a good practice is to always set up a default value, a description, and the type of the variable.

Instantiating variables
Variables in the
Assigning variables
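
The variable declarations described in the code phase, written out as an added example (not the author's original files). Every variable name and value is hypothetical; it covers each supported type and adds input validation and a sensitive value, which go beyond what the text lists.

```hcl
# Constructed example: every variable name and value below is hypothetical.

variable "environment" {
  description = "Deployment environment name"
  type        = string
  default     = "dev"

  # Reject anything outside the known set before a plan is produced.
  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "The environment must be one of dev, staging or prod."
  }
}

variable "instance_count" {
  description = "Number of instances to create"
  type        = number
  default     = 1
}

variable "enable_public_access" {
  description = "Whether the service is reachable from the internet"
  type        = bool
  default     = false # closed unless a caller explicitly opts in
}

variable "allowed_cidrs" {
  description = "CIDR ranges allowed to reach the admin port"
  type        = list(string)
  default     = []

  # can() turns a cidrhost() parsing error into false instead of a crash.
  validation {
    condition     = alltrue([for c in var.allowed_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in allowed_cidrs must be a valid CIDR block."
  }
}

variable "tags" {
  description = "Tags applied to every resource"
  type        = map(string)
  default     = {}
}

variable "db_password" {
  description = "Database admin password"
  type        = string
  sensitive   = true # redacted in plan/apply output; no default, so no secret sits in source control
}
```

Marking a variable as sensitive only redacts it in CLI output. The value is still written to terraform.tfstate, so access to the state file has to be restricted.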

Plan Phase:

When we run terraform plan, Terraform checks terraform.tfstate, a file that describes the current status of the declared architecture. If it is the first run, it knows that it needs to create everything; if not, it checks what has changed and applies only the part needed. This is a real advantage of the declarative language.

Apply Phase

During the apply phase, all the parts that were specified during the code phase and confirmed in the plan phase are created. This is achieved through the provider, which is usually a cloud provider. Here is where we deploy our architecture based on our files.



Josué Carvajal

Sr. Security software engineer working in the DevSecOps area. CompTIA Sec+, C|EH