Using terraform to manage cloud infrastructure is a good idea, even if all you have is one S3 bucket.
We use terraform to manage our cloud infrastructure. Terraform is an open source, cloud-agnostic, declarative tool that lets you create, update and delete resources with a text-based configuration language and a command line tool. We use it to manage AWS infrastructure, but it can be used to manage other cloud platforms as well.
We definitely don’t push terraform to its limits. We don’t use the hippest cloud native architectures. Most of our servers are pets, not cattle. We aren’t scaling them up and down all the time or running thousands of servers (it’s not what our clients need). Terraform is useful even if you are doing old school hosting in the cloud.
Using terraform to manage our infrastructure provides the following benefits. The infrastructure:
- is documented. When I taught AWS courses I used to say “if infrastructure is managed as code, that code may be accurate documentation, but if it isn’t, I know that it’s not accurate”.
- has a change trail. Yes, you can also use Elasticsearch + CloudTrail to see what changed in your infrastructure, but that will only capture the “what”, not the “why”. Intent is important and can be captured in commit messages and pull request reviews. These also have URLs that can be attached to documentation and Trello cards. Such documentation will likely be welcomed by future you.
- can be reviewed. Code reviews catch mistakes and share knowledge across a team.
- can be re-used. Even copy pasta of terraform modules is better than documentation on which AWS console box to check, but you can use modules to build more elegant, reusable systems.
- makes the implicit explicit. Rather than decisions about security groups or other resources being captured only in the running infrastructure and the head of the developer who built it, they are captured in a text file.
We have some infrastructure that predates our usage of terraform. We are using terraform on all new projects and, where appropriate, integrating it into existing systems. The terraform import command helps some, but we need to balance the benefits above with the costs of importing working infrastructure (some of which has been running for years untouched). Pragmatism is always in contention with perfection, unfortunately. Such retrofitting happens on an ad hoc basis.
Learning terraform isn’t hard, but does require a bit of fiddling. If you work with cloud infrastructure on AWS, even if it is just a couple of AWS users or S3 buckets, explore terraform and check in your code. It’s so much easier to do it right at the beginning and build on it than to add it later. But even if you do retrofit, doing it bit by bit as you touch infrastructure will bring all the above benefits.
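What the "one S3 bucket" case can look like when retrofitted, as an added example that is not our production code: an existing bucket is adopted with an import block, and the settings that would otherwise live in console checkboxes are written down where a reviewer can see them. The bucket name `example-assets-bucket` and the resource label `assets` are placeholders, and the AWS region and credentials are assumed to come from the environment.

```hcl
# Added example. Bucket name and resource labels are placeholders.
terraform {
  required_version = ">= 1.5.0" # import blocks need Terraform 1.5 or later
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

# Adopt a bucket that already exists instead of recreating it.
# CLI equivalent: terraform import aws_s3_bucket.assets example-assets-bucket
import {
  to = aws_s3_bucket.assets
  id = "example-assets-bucket"
}

resource "aws_s3_bucket" "assets" {
  bucket = "example-assets-bucket"
}

# Explicit, reviewable decisions about exposure and data protection.
resource "aws_s3_bucket_public_access_block" "assets" {
  bucket                  = aws_s3_bucket.assets.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "assets" {
  bucket = aws_s3_bucket.assets.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "assets" {
  bucket = aws_s3_bucket.assets.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```

Running `terraform plan` before `terraform apply` shows the import and any settings that would change on the live bucket, which is the diff to attach to the pull request.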