Difference between revisions of "Terraform best practices"
Line 25: | Line 25: | ||
* Use [[service account]] credentials for CI. | * Use [[service account]] credentials for CI. | ||
* Avoid [[terraform import|importing]] existing resources. | * Avoid [[terraform import|importing]] existing resources. | ||
− | * Regularly review version pins. | + | * Regularly review version [[pins]]. |
* Use application default credentials when running locally. | * Use application default credentials when running locally. | ||
* Set [[aliases]] to Terraform. | * Set [[aliases]] to Terraform. |
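Review bot: the link added on the "Regularly review version pins" line targets a bare [[pins]] page, which is ambiguous outside a Terraform context. A piped link to a Terraform-specific page would be clearer and would match the [[terraform import|importing]] style one line above; the See also list on this page already names "Terraform provider versioning" and "Required version" as candidates. It would also help if the target page said which pins the review covers, since the bullet itself does not.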
Revision as of 19:05, 27 February 2023
Best practices from the Google Cloud team
https://cloud.google.com/docs/terraform/best-practices-for-terraform
- Protect stateful resources: lifecycle { prevent_destroy = true }
- Expose outputs: outputs.tf
- Use data sources.
- Adopt a naming convention.
- Use variables carefully: variables.tf
- Limit the use of custom scripts.
- Follow a standard module structure.
- Include helper scripts in a separate directory: helpers/
- Put static files in a separate directory: files/
- Use built-in formatting: terraform fmt
- Limit the complexity of expressions.
- Use count for conditional values.
- Use for_each for iterated resources.
- Publish modules to a registry.
Operations
- Don't modify Terraform state manually.
- Always plan first: terraform plan
- Implement an automated pipeline.
- Use service account credentials for CI.
- Avoid importing existing resources.
- Regularly review version pins.
- Use application default credentials when running locally.
- Set aliases for Terraform.
Related
See also
- Terraform, OpenTofu, Terrakube.org, Installation, Terraform AWS, Terraform GCP, Terraform commands, Terraform Cloud, Terraform Enterprise (TFE), HCL, HIL, meta-arguments, providers, modules, resource, provisioners, data sources, backends: remote backends, examples, configuration files, state files, variables, types, Terraform Registry, conditionals: depends_on, functions, Blocks, dynamic blocks, errors, Terragrunt, Terraformer, Terratest, Terraform certifications, Terraform map type, Terraform Associate, Terraform: list type, TF_VAR_, TF_LOG, Terraform provider versioning, Terraform Style Conventions, Required version, Terraform plugin, Terraform Named Values, tags, Changelog, tfsec, tflint, Operators, Expressions: for, splat, Debugging, Namespaces, Terraform Landing Zones, CDKTF, Atmos