Difference between revisions of "Terraform best practices"
(16 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
* https://www.terraform.io/cloud-docs/guides/recommended-practices | * https://www.terraform.io/cloud-docs/guides/recommended-practices | ||
+ | ** One [[Workspace]] per Environment per Terraform configuration | ||
+ | * https://cloud.google.com/docs/terraform/best-practices-for-terraform | ||
− | + | == Best practices from [[Google Cloud]] team == | |
https://cloud.google.com/docs/terraform/best-practices-for-terraform | https://cloud.google.com/docs/terraform/best-practices-for-terraform | ||
* Protect [[stateful resources]]: <code>[[lifecycle]] { [[prevent_destroy]] = true }</code> | * Protect [[stateful resources]]: <code>[[lifecycle]] { [[prevent_destroy]] = true }</code> | ||
* Expose [[Terraform: output|outputs]]: <code>[[outputs.tf]]</code> | * Expose [[Terraform: output|outputs]]: <code>[[outputs.tf]]</code> | ||
− | * Use [[data sources]]. | + | * Use [[data sources]]: <code>[[data.]]</code> |
* Adopt a naming convention. | * Adopt a naming convention. | ||
− | * Use [[variables]] carefully. | + | * Use [[variables]] carefully: <code>[[variables.tf]]</code> |
* Limit the use of custom scripts | * Limit the use of custom scripts | ||
* Follow a [[standard module structure]] | * Follow a [[standard module structure]] | ||
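Review bot: the bullet added at the top for https://cloud.google.com/docs/terraform/best-practices-for-terraform repeats the URL that already stands directly under the "Best practices from [[Google Cloud]] team" heading, so the revision now lists it twice; keep one of the two. On the data sources line, <code>[[data.]]</code> links to a title ending in a dot, unlike the file-name links <code>[[outputs.tf]]</code> and <code>[[variables.tf]]</code> on the neighbouring bullets; name the intended target page or drop the link.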
Line 15: | Line 17: | ||
* Use built-in formatting: <code>[[terraform fmt]]</code> | * Use built-in formatting: <code>[[terraform fmt]]</code> | ||
* Limit the complexity of expressions. | * Limit the complexity of expressions. | ||
− | * Use <code>[[count]]</code> for conditional values. | + | * Use <code>[[Terraform meta argument: count|count]]</code> for conditional values. |
− | * Use <code>[[for_each]]</code> for iterated resources. | + | * Use <code>[[for_each]]</code> for [[iterated resources]]. |
− | * Publish [[modules]] to a [[registry]]. | + | * Publish [[Terraform modules|modules]] to a [[registry]]. |
=== Operations === | === Operations === | ||
* Don't modify [[Terraform state]] manually. | * Don't modify [[Terraform state]] manually. | ||
− | * Always plan first | + | * Always [[plan]] first, <code>[[terraform plan]]</code> |
− | * Implement an automated pipeline. | + | * Implement an automated [[pipeline]]. |
− | * Use service account credentials for CI. | + | * Use [[service account]] credentials for CI. |
− | * Avoid importing existing resources. | + | * Avoid [[terraform import|importing]] existing resources. |
− | * Regularly review version pins. | + | * Regularly review version [[pins]]. |
* Use application default credentials when running locally. | * Use application default credentials when running locally. | ||
− | * Set aliases to Terraform. | + | * Set [[aliases]] to Terraform. |
== Related == | == Related == | ||
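Review bot: "Always [[plan]] first, <code>[[terraform plan]]</code>" attaches the command with a comma, while the other bullets introduce their command with a colon ("Use built-in formatting: <code>[[terraform fmt]]</code>"); use the colon here as well. Terminal periods are also inconsistent across the edited Operations bullets (this line has none, the following ones do), which is worth settling in the same edit.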
Line 33: | Line 35: | ||
* [[main]] | * [[main]] | ||
* <code>[[prevent_destroy]]</code> | * <code>[[prevent_destroy]]</code> | ||
+ | |||
+ | == Activities == | ||
+ | * Read https://www.digitalocean.com/community/tutorials/how-to-structure-a-terraform-project | ||
== See also == | == See also == |
Latest revision as of 11:12, 30 May 2024
- https://www.terraform.io/cloud-docs/guides/recommended-practices
  - One Workspace per Environment per Terraform configuration
- https://cloud.google.com/docs/terraform/best-practices-for-terraform
Best practices from Google Cloud team
https://cloud.google.com/docs/terraform/best-practices-for-terraform
- Protect stateful resources: `lifecycle { prevent_destroy = true }`
- Expose outputs: `outputs.tf`
- Use data sources: `data.`
- Adopt a naming convention.
- Use variables carefully: `variables.tf`
- Limit the use of custom scripts
- Follow a standard module structure
- Include helper scripts in a separate directory: `helpers/`
- Put static files in a separate directory: `files/`
- Use built-in formatting: `terraform fmt`
- Limit the complexity of expressions.
- Use `count` for conditional values.
- Use `for_each` for iterated resources.
- Publish modules to a registry.
Operations
- Don't modify Terraform state manually.
- Always plan first, `terraform plan`
- Implement an automated pipeline.
- Use service account credentials for CI.
- Avoid importing existing resources.
- Regularly review version pins.
- Use application default credentials when running locally.
- Set aliases to Terraform.
Related
Activities
See also
- Terraform, OpenTofu, Terrakube.org, Installation, Terraform AWS, Terraform GCP, Terraform commands, Terraform Cloud, Terraform Enterprise (TFE), HCL, HIL, meta-arguments, providers, modules, resource, provisioners, data sources, backends: remote backends, examples, configuration files, state files, variables, types, Terraform Registry, conditionals: depends_on, functions, Blocks, dynamic blocks, errors, Terragrunt, Terraformer, Terratest, Terraform certifications, Terraform map type, Terraform Associate, Terraform: list type, TF_VAR_, TF_LOG, Terraform provider versioning, Terraform Style Conventions, Required version, Terraform plugin, Terraform Named Values, tags, Changelog, tfsec, tflint, Operators, Expressions: for, splat, Debugging, Namespaces, Terraform Landing Zones, CDKTF, Atmos