Terraform

Setting up and using Terraform for Azure deployments

Terraform is HashiCorp's Infrastructure as Code (IaC) tool that enables you to safely and predictably create, change, and improve infrastructure across multiple cloud providers and services. This guide covers modern Terraform practices as of 2025, including the latest features and best practices.

Installation Guide

Linux Installation

Ubuntu/Debian

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform

RHEL/CentOS/Fedora

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install terraform

WSL2 Installation

For WSL2, you can either use the Linux distribution's package manager as above, or install from the official release archive. There is no "latest" path on releases.hashicorp.com, so pick a version explicitly and verify the archive against the published checksums before installing it:

TF_VERSION="x.y.z"   # replace with the release you want
wget "https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip"
wget "https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_SHA256SUMS"
grep "linux_amd64.zip" "terraform_${TF_VERSION}_SHA256SUMS" | sha256sum -c -   # must print OK before you continue
unzip "terraform_${TF_VERSION}_linux_amd64.zip"
sudo mv terraform /usr/local/bin/

NixOS Installation

Add Terraform to your system configuration (configuration.nix):

Or for a project-specific environment using shell.nix:


NixOS Real-Life Scenarios for Terraform

1. Reproducible Multi-Cloud Dev Environments

Use NixOS to ensure every engineer and CI runner has the same Terraform, provider plugins, and linters:

2. Project-Specific Flake for Terraform + Providers

Use a Nix flake to pin Terraform and provider versions for a project:

Start the shell:

3. Declarative Secrets Management for Provider Credentials

Store cloud credentials in a NixOS module or use agenix for encrypted secrets:

4. CI/CD with Nix and Terraform

Use Nix to build a Docker image or CI environment with pinned Terraform and providers for GitHub Actions, GitLab CI, or self-hosted runners:


Modern Terraform Features (2025)

Key Features

  1. Native Support for Multi-Cloud Deployments

    • Unified workflow across AWS, Azure, GCP, and other providers

    • Cross-cloud resource dependencies

    • Cloud-agnostic modules

  2. Enhanced State Management

    • Improved state locking mechanisms

    • Built-in state encryption

    • Advanced state migration tools

  3. Testing and Validation

    • Built-in testing framework

    • Policy as code integration

    • Automated validation pipelines

  4. Security Features

    • Native secrets management

    • IAM role assumption

    • Provider authentication improvements

Best Practices

1. State Management

  • Use remote state storage (AWS S3, Azure Storage, GCP Cloud Storage)

  • Implement state locking

  • Separate state files per environment

  • Enable state encryption

Example backend configuration for Azure:
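As an added example (not code from the original guide), the listing below shows the two halves of an Azure state backend: a one-time bootstrap configuration that creates a hardened storage account, and the backend and provider blocks every root module then uses. The resource-group, storage-account, container and key names are placeholders. The bootstrap is a separate configuration applied once with local state, because a module cannot create the backend it is initialising against.

```hcl
# ---------- bootstrap configuration (applied once, local state) ----------
# All names below are placeholders.
resource "azurerm_resource_group" "state" {
  name     = "rg-tfstate"
  location = "westeurope"
}

resource "azurerm_storage_account" "state" {
  name                            = "sttfstateexample" # globally unique; placeholder
  resource_group_name             = azurerm_resource_group.state.name
  location                        = azurerm_resource_group.state.location
  account_tier                    = "Standard"
  account_replication_type        = "GRS"
  min_tls_version                 = "TLS1_2"
  shared_access_key_enabled       = false # Entra ID RBAC only; no account key to leak
  allow_nested_items_to_be_public = false

  blob_properties {
    versioning_enabled = true # every state write keeps the previous version
    delete_retention_policy {
      days = 30 # recover a deleted state blob for 30 days
    }
    container_delete_retention_policy {
      days = 30
    }
  }
}

resource "azurerm_storage_container" "state" {
  name                  = "tfstate"
  storage_account_name  = azurerm_storage_account.state.name
  container_access_type = "private"
}

output "state_storage_account_id" {
  value = azurerm_storage_account.state.id
}

# ---------- every root module that stores its state there ----------
terraform {
  required_version = ">= 1.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
  backend "azurerm" {
    resource_group_name  = "rg-tfstate"
    storage_account_name = "sttfstateexample"
    container_name       = "tfstate"
    key                  = "prod/network.tfstate" # one key per environment and component
    use_azuread_auth     = true # RBAC on the blob instead of the storage account key
    use_oidc             = true # CI presents a federated token; no stored client secret
  }
}

provider "azurerm" {
  features {}
  storage_use_azuread = true # data-plane calls via Entra ID, required once shared keys are off
  use_oidc            = true
  subscription_id     = var.subscription_id
}

variable "subscription_id" {
  type        = string
  description = "Target subscription; set via TF_VAR_subscription_id or ARM_SUBSCRIPTION_ID"
}
```

With `use_azuread_auth`, the identity running Terraform needs the Storage Blob Data Contributor role on the container (or account); the Contributor role alone is not enough for blob data. Locking is automatic: the backend takes a lease on the state blob for the duration of a plan or apply, and a lease left behind by a crashed run is cleared with `terraform force-unlock <LOCK_ID>`. Azure Storage encrypts the blob at rest with Microsoft-managed keys by default; switch the account to customer-managed keys if your policy requires it.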

2. Code Organization

  • Use workspaces for environment separation

  • Implement consistent naming conventions

  • Maintain modular code structure

3. Security

  • Use provider authentication with OIDC

  • Implement least privilege access

  • Enable audit logging

  • Use sensitive input variables
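An added example (not from the guide) of the Azure side of the three items above: a user-assigned identity that a GitHub Actions pipeline assumes through OIDC, role assignments scoped no wider than the pipeline needs, and a sensitive input variable. The organisation and repository in the federated subject, the identity and resource-group names, and the `state_storage_account_id` input are placeholders.

```hcl
# Identity the CI pipeline assumes via OIDC. No client secret exists anywhere.
resource "azurerm_user_assigned_identity" "ci" {
  name                = "id-terraform-ci" # placeholder
  resource_group_name = "rg-tfstate"      # placeholder
  location            = "westeurope"
}

# Trust tokens only from the 'prod' environment of one repository (placeholder org/repo).
# A token from another repo, branch or environment is rejected by Entra ID.
resource "azurerm_federated_identity_credential" "github_prod" {
  name                = "github-prod"
  resource_group_name = azurerm_user_assigned_identity.ci.resource_group_name
  parent_id           = azurerm_user_assigned_identity.ci.id
  issuer              = "https://token.actions.githubusercontent.com"
  subject             = "repo:example-org/example-repo:environment:prod"
  audience            = ["api://AzureADTokenExchange"]
}

variable "state_storage_account_id" {
  type        = string
  description = "ID of the storage account holding Terraform state (output of the bootstrap configuration)"
}

data "azurerm_resource_group" "workload" {
  name = "rg-workload-prod" # placeholder
}

# Least privilege: blob-data access on the state account only ...
resource "azurerm_role_assignment" "ci_state" {
  scope                = var.state_storage_account_id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_user_assigned_identity.ci.principal_id
}

# ... and Contributor on the workload resource group, not on the subscription.
resource "azurerm_role_assignment" "ci_workload" {
  scope                = data.azurerm_resource_group.workload.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_user_assigned_identity.ci.principal_id
}

# Sensitive input: redacted from plan/apply output and CLI logs.
variable "db_admin_password" {
  type      = string
  sensitive = true
  validation {
    condition     = length(var.db_admin_password) >= 16
    error_message = "db_admin_password must be at least 16 characters."
  }
}

output "ci_client_id" {
  description = "Value for ARM_CLIENT_ID in the pipeline"
  value       = azurerm_user_assigned_identity.ci.client_id
}
```

On the GitHub side the workflow needs `permissions: id-token: write` and exports `ARM_USE_OIDC=true`, `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID`; the provider then exchanges the runner's token for an Azure token itself. Two caveats: `sensitive = true` only redacts output, the value is still written to state in plaintext, which is why the state storage has to be hardened; and role assignments and resource writes land in the Azure Activity Log, so forward that log and the state storage account's diagnostic logs to a workspace your SOC actually watches.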

4. Performance

  • Use for_each instead of count where possible

  • Implement parallel resource creation

  • Use data sources efficiently
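An added example (not from the original guide) of the for_each point: subnets keyed by a map, so that removing one entry touches only that resource, plus `moved` blocks for migrating an existing count-based resource without recreating it, which goes slightly beyond the guide's bullet. Names and address ranges are placeholders.

```hcl
# Keyed by name: removing "app" later deletes snet-app only.
# With count over a list, the same removal would shift "db" from index 2 to
# index 1 and Terraform would destroy and recreate it.
variable "subnets" {
  type = map(object({ prefix = string }))
  default = {
    web = { prefix = "10.0.1.0/24" }
    app = { prefix = "10.0.2.0/24" }
    db  = { prefix = "10.0.3.0/24" }
  }
}

resource "azurerm_virtual_network" "main" {
  name                = "vnet-example"   # placeholder
  resource_group_name = "rg-example"     # placeholder
  location            = "westeurope"
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "by_key" {
  for_each             = var.subnets
  name                 = "snet-${each.key}"
  resource_group_name  = azurerm_virtual_network.main.resource_group_name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = [each.value.prefix]
  # No depends_on needed: the references above already order the graph,
  # and independent subnets are created concurrently (default parallelism 10).
}

# Migrating from an earlier count-based resource azurerm_subnet.by_count:
# keep these while the old addresses are still in state, then remove them.
moved {
  from = azurerm_subnet.by_count[0]
  to   = azurerm_subnet.by_key["web"]
}
moved {
  from = azurerm_subnet.by_count[1]
  to   = azurerm_subnet.by_key["app"]
}
moved {
  from = azurerm_subnet.by_count[2]
  to   = azurerm_subnet.by_key["db"]
}

# One data-source lookup, reused everywhere it is needed.
data "azurerm_client_config" "current" {}

output "subnet_ids" {
  value = { for k, s in azurerm_subnet.by_key : k => s.id }
}
```

Check the migration with `terraform plan` before applying: the plan should list the three subnets as moved, not as destroy/create. Parallelism can be raised with `terraform apply -parallelism=N`, but the gain is limited by explicit `depends_on` edges, so add those only where Terraform cannot infer the dependency itself.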

5. Cost Management

  • Implement cost estimation in CI/CD

  • Use cost allocation tags

  • Enable cost reports and budgets

Deployment Scenarios

1. Multi-Region High Availability

2. Zero-Downtime Deployments

3. Secure Landing Zone

Integration with Other Tools

1. CI/CD Integration

GitHub Actions workflow example:

2. Policy as Code

Using OPA (Open Policy Agent) for policy enforcement:

Testing Strategies

1. Unit Testing

Using Terratest for infrastructure testing:
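The guide names Terratest for unit testing; the added example below (not the guide's code) uses Terraform's native test framework instead, which needs no Go toolchain and, with a mock provider, no Azure credentials. It assumes a root module that declares `azurerm_storage_account.state` with `shared_access_key_enabled`, `min_tls_version` and `blob_properties` set, and a `db_admin_password` variable with a length validation; the file name `tests/state_storage.tftest.hcl` is an assumption.

```hcl
# tests/state_storage.tftest.hcl (assumed path)
# Plan-only checks run against a mocked provider, so no subscription is touched.
mock_provider "azurerm" {}

run "state_storage_rejects_shared_keys" {
  command = plan

  assert {
    condition     = azurerm_storage_account.state.shared_access_key_enabled == false
    error_message = "State storage must use Entra ID RBAC, not account keys."
  }

  assert {
    condition     = azurerm_storage_account.state.min_tls_version == "TLS1_2"
    error_message = "State storage must require TLS 1.2."
  }

  assert {
    condition     = azurerm_storage_account.state.blob_properties[0].versioning_enabled
    error_message = "Blob versioning must be on so a corrupted state can be rolled back."
  }
}

# The variable validation is itself under test: a weak value must fail the plan.
run "weak_password_is_rejected" {
  command = plan
  variables {
    db_admin_password = "short"
  }
  expect_failures = [var.db_admin_password]
}
```

Run it with `terraform init -backend=false && terraform test` from the module directory; `-backend=false` keeps the remote backend out of the picture, and `terraform test` uses its own in-memory state. `mock_provider` requires Terraform 1.7 or later. Because the assertions read configured attributes rather than values the provider computes, they are stable under the mock and catch a regression (someone flipping `shared_access_key_enabled` back to true) before a plan ever reaches Azure.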

2. Integration Testing

Additional Resources