Difference between revisions of "Terraform best practices"
Jump to navigation
Jump to search
| (16 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
* https://www.terraform.io/cloud-docs/guides/recommended-practices | * https://www.terraform.io/cloud-docs/guides/recommended-practices | ||
| + | ** One [[Workspace]] per Environment per Terraform configuration | ||
| + | * https://cloud.google.com/docs/terraform/best-practices-for-terraform | ||
| − | + | == Best practices from [[Google Cloud]] team == | |
https://cloud.google.com/docs/terraform/best-practices-for-terraform | https://cloud.google.com/docs/terraform/best-practices-for-terraform | ||
* Protect [[stateful resources]]: <code>[[lifecycle]] { [[prevent_destroy]] = true }</code> | * Protect [[stateful resources]]: <code>[[lifecycle]] { [[prevent_destroy]] = true }</code> | ||
* Expose [[Terraform: output|outputs]]: <code>[[outputs.tf]]</code> | * Expose [[Terraform: output|outputs]]: <code>[[outputs.tf]]</code> | ||
| − | * Use [[data sources]]. | + | * Use [[data sources]]: <code>[[data.]]</code> |
* Adopt a naming convention. | * Adopt a naming convention. | ||
| − | * Use [[variables]] carefully. | + | * Use [[variables]] carefully: <code>[[variables.tf]]</code> |
* Limit the use of custom scripts | * Limit the use of custom scripts | ||
* Follow a [[standard module structure]] | * Follow a [[standard module structure]] | ||
| Line 15: | Line 17: | ||
* Use built-in formatting: <code>[[terraform fmt]]</code> | * Use built-in formatting: <code>[[terraform fmt]]</code> | ||
* Limit the complexity of expressions. | * Limit the complexity of expressions. | ||
| − | * Use <code>[[count]]</code> for conditional values. | + | * Use <code>[[Terraform meta argument: count|count]]</code> for conditional values. |
| − | * Use <code>[[for_each]]</code> for iterated resources. | + | * Use <code>[[for_each]]</code> for [[iterated resources]]. |
| − | * Publish [[modules]] to a [[registry]]. | + | * Publish [[Terraform modules|modules]] to a [[registry]]. |
=== Operations === | === Operations === | ||
* Don't modify [[Terraform state]] manually. | * Don't modify [[Terraform state]] manually. | ||
| − | * Always plan first | + | * Always [[plan]] first, <code>[[terraform plan]]</code> |
| − | * Implement an automated pipeline. | + | * Implement an automated [[pipeline]]. |
| − | * Use service account credentials for CI. | + | * Use [[service account]] credentials for CI. |
| − | * Avoid importing existing resources. | + | * Avoid [[terraform import|importing]] existing resources. |
| − | * Regularly review version pins. | + | * Regularly review version [[pins]]. |
* Use application default credentials when running locally. | * Use application default credentials when running locally. | ||
| − | * Set aliases to Terraform. | + | * Set [[aliases]] to Terraform. |
== Related == | == Related == | ||
| Line 33: | Line 35: | ||
* [[main]] | * [[main]] | ||
* <code>[[prevent_destroy]]</code> | * <code>[[prevent_destroy]]</code> | ||
| + | |||
| + | == Activities == | ||
| + | * Read https://www.digitalocean.com/community/tutorials/how-to-structure-a-terraform-project | ||
== See also == | == See also == | ||
Latest revision as of 11:12, 30 May 2024
- https://www.terraform.io/cloud-docs/guides/recommended-practices
- One Workspace per Environment per Terraform configuration
- https://cloud.google.com/docs/terraform/best-practices-for-terraform
Best practices from Google Cloud team[edit]
https://cloud.google.com/docs/terraform/best-practices-for-terraform
- Protect stateful resources:
lifecycle { prevent_destroy = true } - Expose outputs:
outputs.tf - Use data sources:
data. - Adopt a naming convention.
- Use variables carefully:
variables.tf - Limit the use of custom scripts
- Follow a standard module structure
- Include helper scripts in a separate directory:
helpers/ - Put static files in a separate directory:
files/ - Use built-in formatting:
terraform fmt - Limit the complexity of expressions.
- Use
countfor conditional values. - Use
for_eachfor iterated resources. - Publish modules to a registry.
Operations[edit]
- Don't modify Terraform state manually.
- Always plan first,
terraform plan - Implement an automated pipeline.
- Use service account credentials for CI.
- Avoid importing existing resources.
- Regularly review version pins.
- Use application default credentials when running locally.
- Set aliases to Terraform.
Related[edit]
Activities[edit]
See also[edit]
- Terraform, OpenTofu, Terrakube.org, Installation, Terraform AWS, Terraform GCP, Terraform commands, Terraform Cloud, Terraform Enterprise (TFE), HCL, HIL, meta-arguments, providers, modules, resource, provisioners, data sources, backends: remote backends, examples, configuration files, state files, variables, types, Terraform Registry, conditionals:
depends_on, functions, Blocks, dynamic blocks, errors, Terragrunt, Terraformer, Terratest, Terraform certifications, Terraform map type, Terraform Associate, Terraform: list type,TF_VAR_, TF_LOG, Terraform provider versioning, Terraform Style Conventions, Required version, Terraform plugin, Terraform Named Values, tags, Changelog,tfsec, tflint, Operators, Expressions:for, splat, Debugging, Namespaces, Terraform Landing Zones, CDKTF, Atmos
Advertising:
