The team at HeleCloud have worked extensively with Terraform since the company was established, on the AWS platform. Daniel Rankov, AWS Consultant, discussed HeleCloud’s experiences at the second meet up of HashiCorp User Group in Sofia on October 4, 2018.
“Try to gather all the requirements at the beginning of the project. It will help you see the project in its entirety, in order to set the correct rules and approach for the team”, said Daniel Rankov.
When applying the Infrastructure as a Code (IaC) principle, HeleCloud team generally follow seven main practices:
1. Naming convention – always set a predefined naming convention with the team. It will save you the long hours of aligning people’s work.
3. Code reuse – write the code in a manner that enables you to easily reuse it in future projects.
4. Shared state – allows a group of developers to work simultaneously, which saves ample time.
5. Isolated environments – operate in both different environments and accounts for each client. This will ensure you don’t mistake any available resources.
6. Verify limits – always check the limit of the account you are using before starting the project tasks.
7. Stack organization – follow the layered approach and organize the code by lifecycle and ownership.
“To prevent automatic upgrades to a new major version of a providers service, that may contain breaking changes, set manual updates”, Daniel recommends regarding Terraform install.
The single point of execution and update of Terraform’s versions, are two other great practices used by HeleCloud professionals. Terraform enterprise is a tool that provides collaboration and governance capabilities. Whilst adding one more security level.
Still wondering how to build your password management? Which tools to use when testing, executing and debugging Terraform? Or maybe you’re debating on whether to write a module or not? Find all the answers and a lot more through the ‘Terraform: Good practices and lessons learned’ presentation.
The white paper ‘Building secured immutable infrastructure’, presents a way to achieve a fully auditable and secure deployment in AWS. Take your time and learn how to build immutable infrastructure by creating predefined images and performing regular security scans.