Module 4 – Infrastructure as Code (Terraform)

If You Cannot Recreate It, You Do Not Control It

Cloud consoles are convenient.

They are also dangerous.

Manual configuration leads to:

  • Drift
  • Inconsistent environments
  • Hidden changes
  • Audit difficulty
  • Recovery delays

Infrastructure as Code (IaC) converts infrastructure into:

  • Declarative configuration
  • Version-controlled artifacts
  • Reproducible environments

Terraform is the tool used in this module to enforce discipline.

1. Declarative Infrastructure

Desired State Engineering

Terraform works on a simple principle:

You define desired state.

Terraform ensures reality matches it.

Example conceptual resource:

resource "cloud_instance" "app" {
  instance_type = "t3.micro"
  subnet_id     = var.private_subnet_id
}

This is not a script.

It is a declaration.

Terraform compares:

  • Desired state (code)
  • Current state (cloud environment)

And reconciles differences.

2. Providers & State Management

Understanding Terraform’s Brain

Provider

The provider connects Terraform to the cloud platform.

Examples:

  • AWS provider
  • Azure provider
  • Google provider

The provider translates code into API calls.

State File

Terraform maintains a state file.

The state file tracks:

  • Created resources
  • Resource IDs
  • Dependency relationships

Without state:

Terraform does not know what exists.

State discipline is critical.

In production:

  • State should be remote
  • State should be locked
  • State should not be manually edited

State corruption causes infrastructure instability.

3. Variable-Driven Architecture

Designing for Reuse

Avoid hardcoding values.

Instead of:

instance_type = "t3.micro"

Use:

instance_type = var.instance_type

Variables allow:

  • Environment separation (dev, staging, prod)
  • Region flexibility
  • Instance sizing adjustments
  • CIDR reusability

Parameterization increases scalability.

4. Modular Infrastructure Design

Encapsulation for Maintainability

Large Terraform files become unmanageable.

Use modules to isolate components.

Example module structure:

modules/
  vpc/
  security/
  compute/
  database/

Each module:

  • Has inputs
  • Has outputs
  • Is reusable

Modular design reduces:

  • Duplication
  • Human error
  • Maintenance cost

5. Idempotency

Safe Repeated Execution

Terraform is idempotent.

Running:

terraform apply

Multiple times should produce the same result.

No duplicate resources.
No unpredictable side effects.

Idempotency ensures:

Infrastructure remains stable under repeated execution.

6. Drift Detection

Detecting Manual Changes

Drift occurs when:

Someone modifies infrastructure manually.

Terraform can detect drift via:

terraform plan

If plan shows unexpected changes:

Manual modification occurred.

Drift breaks consistency.

Infrastructure must be controlled through code — not consoles.

7. End-to-End Architecture in Code

By this stage, your Terraform project should include:

  • VPC module
  • Subnets (public + private)
  • Internet Gateway
  • NAT Gateway
  • Security groups
  • Load balancer
  • Auto Scaling group

All defined in code.

This converts:

Architecture → Versioned artifact.

8. Dependency Management

Terraform builds resources based on dependency graph.

Example:

VPC must exist before subnets.
Subnets must exist before instances.

Terraform automatically calculates dependency order.

Poor dependency modeling leads to:

  • Race conditions
  • Partial failures
  • Inconsistent deployments

9. Safe Deployment Workflow

Recommended workflow:

terraform init
terraform plan
terraform apply

Never apply without reviewing plan.

Plan stage reveals:

  • What will be created
  • What will be modified
  • What will be destroyed

Blind apply is operational negligence.

10. Destroy Discipline

When testing:

terraform destroy

Destroys entire environment.

Advantages:

  • Cost control
  • Clean testing
  • No orphan resources

Destruction capability is part of engineering control.

If you cannot destroy and recreate infrastructure confidently, it is fragile.

11. Version Control Integration

Terraform code must live in Git.

Benefits:

  • Change tracking
  • Code review
  • Rollback capability
  • Audit history

Infrastructure without version control is undocumented risk.

12. Lab Assignment

  1. Create Terraform project structure.
  2. Define:
    • VPC
    • Public subnets
    • Private subnets
    • Security groups
    • Load balancer
  3. Use variables for:
    • CIDR blocks
    • Instance types
    • Region
  4. Run:
    • terraform init
    • terraform plan
    • terraform apply
  5. Destroy environment after validation.
  6. Recreate from scratch.

Deliverable:

Explain:

  • Why state matters.
  • How drift is detected.
  • Why modular design improves reliability.
  • Why console changes are dangerous.

If you cannot destroy and recreate your architecture in under 15 minutes, it is not production-ready.

13. Production Reflection

Consider:

  • How do you secure state files?
  • What happens if state is lost?
  • How do you handle secrets?
  • How do you manage multiple environments?
  • How do you prevent accidental deletion in production?

Infrastructure as Code increases control.

But only if managed with discipline.

Module Completion Criteria

You are ready for Module 5 when:

  • Infrastructure is fully code-defined.
  • No manual changes exist.
  • State is managed properly.
  • Modules are reusable.
  • Environments are reproducible.

Next:

→ Module 5 – Failure Simulation

Back To Top
Search
error: Content is protected !!