What is Terraform? And why use it to manage infrastructure?
21 February 2022 • 6 min read
Terraform is an open source Infrastructure as Code (IaC) tool developed by Hashicorp. It has grown increasingly popular in recent years as cloud infrastructures have become more widely adopted. In this piece will look at exactly what it is and why it matters.
To begin, though, it's worth putting Terraform in context by looking at the broader history of software infrastructures and the rise of IaC...
A (very) brief history of software infrastructure
Deploying infrastructure to enable high scalability and availability can lead to increased complexity in configurations. This can prove troublesome to teams responsible for managing and working within a given infrastructure. As code is shared, for example, version control can become challenging as subtle but significant differences are introduced into the codebase, creating potentially risky inconsistencies across different environments.
Although it originated in the 1960s, it wasn't until the 2000s that virtualisation was widely adopted. Virtualisation optimises a machine’s full capacity by dividing multiple virtual machines; this makes managing a data centre much more cost-effective. It also made some facets of infrastructure management easier: shell scripts, for example, eased the task of “fixed automation.”
However, they weren't a silver bullet solution. Although they were able to set commands for specific use cases, it was difficult to keep them uniform across an entire infrastructure.
The next phase might be characterised as the cloud-era. Cloud arrived in the mid-2000s (although it would take a decade for it to become mainstream), and helped to standardise practices across the software infrastructure domain.
This gave rise to Infrastructure as Code (IaC) - "the managing and provisioning of infrastructure through code instead of through manual processes" as Red Hat puts it.
In turn, tools such as Ansible, CloudFormation, Chef and Puppet - and slightly later, Terraform - would emerge to support IaC, enabling flexible automation. These tools played a fundamental part in shaping DevOps as we know it today.
IaC and digital transformation
IaC followed in the wake of the mainstreaming of the concept of digital transformation in the middle of the 2010s. IaC played a key part in removing the repetitiveness of manual provisioning and maintenance. Systems were now no longer bound to physical hardware - the begrudging task of setting up manual servers and changing set parameters was, for many, a thing of the past.
Why use Terraform?
HashiCorp Terraform, as already mentioned, helps engineers automate the process of provisioning their cloud and hybrid infrastructure. With it, you no longer need to go into the cloud provider console - AWS, Azure or GCP - and set everything up manually.
But what makes Terraform different from other IaC tools - like those mentioned above? Choosing a toolset to manage the infrastructure demands an informed decision in which you weigh up the various advantages and trade-offs to ensure a solution aligns with your specific needs.
There are a four particularly important reasons why you might choose Terraform over other tools:
- Declarative vs Imperative
- Immutable vs Mutable
- Configuration Management vs Orchestration
- Size of The Community
Let’s have a look at each one of those and what they mean.
Terraform offers a declarative approach over an imperative one
Terraform - like Puppet, CloudFormation and even Pulumi (which sits underneath the imperative logic) - all promote a declarative style. The declarative approach is the preferred style to managing infrastructure, because it allows you to focus on exactly what you want the infrastructure to be. You do this by writing code in a definition file in which you can specify the desired state of the infrastructure.
Oher tools like Chef and Ansible,use an imperative approach. This means they define individual steps that will ensure the infrastructure is able to reach the final desired result. In other words, an Imperative focuses on how to reach the final state of the infrastructure rather than what that state actually is. This approach sometimes makes sense but it has fallen out of favour in recent years because it is more prone to errors and lacks reusability.
What are the benefits of a declarative approach?
Declarative tools such as Terraform tackle these issues with ease. Using the definition file you can read a given file and immediately understand what's required - you don't need any prior knowledge of the previous state of the infrastructure. Not only do declarative tools offer good readability and reusability but they also keep the code manageable.
Are there any disadvantages?
Despite all the benefits a declarative approach can bring, there are still some drawbacks.
For new Cloud users, Terraform may be difficult to learn since it is a domain specific language; it lacks the full capabilities a full programming language offers.
Terraform enables an immutable infrastructure
In the past (say, a decade ago), infrastructure used to evolve over time through updates and modifications. This is what’s known as mutable infrastructure. Chef, Ansible, and Puppet are all tools that directly support mutable infrastructures.
However, this approach can pose multiple challenges, such as configuration drift (which occurs due to inconsistencies across a system), and is more prone to update failures. Immutable infrastructure tackles these issues by allowing for a smaller and easier to manage code base. Due to the nature of discrete versioning, it enables modular work. State isolation is critical in preventing configuration drift. By completely building new images and servers, it enables more predictable and repeatable results.
In short, immutable infrastructure creates distinct resources. To roll an update onto a web server, you need to create a new server with the relevant updates and bring down the old one. Resources are replaced rather than changed over time.
Terraform enables orchestration
Ansible, Puppet, and Chef are configuration management tools. Configuration Management tools maintain a server's integrity by installing and managing the software on a server over time. Terraform (alongside Pulumi and CloudFormation), is an Orchestrator. Orchestrators provision resources at a higher level than configuration management tools.
For this reason, they are particularly well-suited to complex tasks such as provisioning multi-cloud, configuring environments and clusters.
Explore the work we've done for our diverse range of clients.
Terraform has an active, supportive, and growing community
The quality of a new tool often depends on the nature of its community - is it active? Helpful? Friendly? From answering questions on Stack Overflow, to well-written documentation and bug fixes, community is integral to a tool’s success and effectiveness.
While it’s difficult to measure the exact number of users, we used various repositories created between January 1st - February 1st in GitHub, questions posted on StackOverflow involving the tool and job listings on StackOverflow to rank the tools. From first to last:
- Terraform, followed by the mature tech in IaC
(The above three are all cloud agnostic tools)
- CloudFormation (a tool dedicated to AWS)
- Pulumi,(the newest tool on the list)
While the popularity of a tool is important, it of course shouldn't not be the driving factor when deciding which tool to use. They all have their own use cases.
While all tools have their own merits - and may well be appropriate for a specific situation or context - we particularly like Terraform because we are enthusiastic about the opportunities of immutable infrastructure - it can be transformative for clients that want to unlock the flexibility and speed through software. It's open source, declarative, and cloud agnostic; and with a strong community and exceptional documentation, we've found that it can be a particularly powerful tool for enabling DevOps practices inside organisations - however technically mature they may be.
Marcus Tse is a Cloud Engineer at AND Digital.
Talk to us about DevOps and digital transformation.