1. What is Terraform Cloud?
Terraform Cloud is an application that manages Terraform runs in a consistent and reliable environment instead of on your local machine. It stores shared state and secret data, and connects to version control systems so that you and your team can work on infrastructure as code within your usual code workflow. It also has a private registry for sharing Terraform modules.
Paid features include access controls for approving changes to infrastructure, detailed policy controls for governing the contents of Terraform configurations, and more.
2. The VCS-driven workflow
A workspace is the basic unit of Terraform Cloud infrastructure configuration. A workspace contains Terraform configuration files, environment variables, Terraform input variables, and state files — everything Terraform needs to manage a given collection of infrastructure. To manage infrastructure with Terraform Cloud, you:
- Write configuration – Create or update Terraform configuration, which represents your infrastructure in HashiCorp Configuration Language (HCL).
- Commit changes to version control – Check your configuration files into a version control system (VCS) as the source of truth for your configuration.
- Select a workspace – Connect the VCS repo containing your configuration to a new or existing Terraform Cloud workspace.
- Configure variables – Define your workspace’s Terraform variables and environment variables. These are any values you want your configuration’s end users to customize, and credentials or other sensitive values.
- Plan & apply – Execute Terraform Cloud runs (plans and applies) to manage your infrastructure. You can trigger these via the Terraform Cloud UI or by opening pull requests in your VCS.
Since Terraform Cloud supports multiple users, you can collaborate with your team on each of these steps. For instance, each time you plan a new change, your team can review and approve the plan before it is applied.
3. Create an account
Visit https://app.terraform.io/signup/account and follow the prompts to create a free Terraform Cloud account.
When you sign up, you will receive an email asking you to confirm your email address. Confirm your email address before moving on. When you click the link to confirm your email address, the Terraform Cloud UI will ask which setup workflow you would like use. Select “Start from scratch”.
4. Create an organization
The next screen will prompt you to create a new organization. Your organization is free, and the members you add will be able to collaborate on your workspaces and share private modules.
Enter an organization name and email address. You can use the same email address that you used for your account
Then click “Create organization”. Terraform Cloud will prompt you to create a new workspace. Next Step is to create a workspace.
5. Creating a Workspace
Once you have created a Terraform Cloud account and created or joined an organization, you can start managing version-controlled infrastructure with Terraform Cloud.
While Terraform can provision resources on many different providers and connect with several popular version control systems (VCSs), this tutorial requires:
- an GCP/ AWS account
- a GitHub account
5.1 Connect Terraform Cloud to GitHub
Navigate to the “Workspaces” page from the main menu and click “+ New workspace.”
On the “New Workspace” page, select the “Version control workflow” from the workflow options screen. On the “Connect to VCS” screen, press the “GitHub” button and then choose “GitHub.com” from the drop-down to continue.
A new window will open asking you to authorize Terraform Cloud to use your GitHub account. Click the green “Authorize” button to connect Terraform Cloud to your GitHub account.
You may be asked to install Terraform Cloud for your GitHub account or organization. If prompted, select your account or organization to install Terraform Cloud.
5.2 Choose a repository
Next, Terraform will display a list of your GitHub repositories. Choose the repository you forked, called “tfc-guide-example”. If you have many GitHub repositories, you may need to filter the list to find the correct one.
5.3 Create the workspace
On the next screen, leave the workspace name and “Advanced options” unchanged, and click the purple “Create workspace” button to create the workspace.
It will take a few minutes for Terraform Cloud to connect to your GitHub repository. Once connected, Terraform Cloud will display a notification that your configuration was uploaded successfully.
6. Create Infrastructure
Once you have created a workspace and connected it to a version control repository, you are ready to configure the workspace with environment and Terraform input variables. You can then create your infrastructure.
6.1 Configure Terraform variables
Return to the Terraform Cloud UI and visit the “Variables” page for your
tfc-guide-example workspace, where you will set your credentials.
Terraform Cloud supports two types of variables: environment variables and Terraform variables. Either type can be marked as sensitive, which prevents them from being displayed in the Terraform Cloud web UI and makes them write-only.
Terraform Cloud will define Terraform Variables as input variables in Terraform’s configuration language. You can use them to customize the infrastructure that Terraform creates from your configuration.
Find the “Terraform Variables” section to set two variables that Terraform will use to configure your instance.
Click the “Save variable” button to save each one. After saving, the “Terraform Variables” section displays your new variable values.
6.2 Configure environment variables
Terraform Cloud uses an ephemeral environment to run Terraform operations that create and manage your infrastructure. You will set that environment’s Environment Variables in the Terraform Cloud web UI to configure provider credentials or to configure the Terraform binary itself.
Scroll down to the “Environment Variables” section, and create two variables by clicking the “Add variable” button. Check the “Sensitive” checkbox for both of them.
|Your AWS Access key ID||yes|
|Your AWS Secret access key||yes|
Click the “Save variable” button to save each one. Once you are done, the “Environment Variables” section should look like this:
7. Plan infrastructure changes
Now that you have set your variables, select “Start new plan” from the “Actions” drop down menu, choose the “Plan (most common)” option, and provide an optional explanation. Then select the purple “Start plan” button to start a plan. This may take a few minutes.
This produces an execution plan that describes which actions Terraform will take to change real infrastructure to match the configuration. Terraform will not make any changes until you confirm and apply the plan. This gives you and your team an opportunity to review the planned changes.
The output format is similar to the diff format generated by tools such as Git. Output with a
+ next to it means that Terraform will create this resource. The plan also shows the attributes that Terraform will set. The value
(known after apply) means that Terraform will not have this value until after it creates the resource.
No real infrastructure changes happen until you confirm and apply the plan. This checkpoint gives you and your team an opportunity to review the planned changes before they happen.
8. Apply planned changes
Once the plan is complete, click the “Confirm & Apply” button, followed by the “Confirm Plan” button to apply the change.
After a few minutes, your apply should complete. Terraform Cloud will display a confirmation.
Now return to the workspace’s “Overview” page. Under the details about your latest run, Terraform displays a table of the resources currently managed in the workspace.
It also shows the workspace’s outputs in the “Outputs” tab for easy access.
Congratulations! You created an AWS EC2 instance using Terraform Cloud. Similarly you can create GCP instances also.