Terraform Best Practices: Code Organization and Structure
Essential Terraform best practices for organizing and structuring your infrastructure code:
1. Separate Configuration Files
Instead of putting all code in main.tf, distribute it across multiple files:
main.tf: Calls modules, locals, and data sources to create all resources
variables.tf: Contains variable declarations used in main.tf. Place required variables at the top and optional ones at the bottom, separated by a comment line for better readability
outputs.tf: Contains outputs from resources created in main....
How Cloudflare Secures Terraform State at Scale
Managing Terraform state securely is one of those things that seems simple until you’re dealing with hundreds of accounts and thousands of resources. Cloudflare, being their own Customer Zero, had to solve this problem at enterprise scale.
The interesting part? They built a custom solution called tfstate-butler - a Go program that acts as an HTTP backend for Terraform state storage.
The Security Problem
When you’re managing infrastructure at Cloudflare’s scale, a single compromised state file could be catastrophic....
Terraform best practices
Collaboration
Use remote state and state locking
For certain backends like AWS S3, enable versioning to make it easier to recover your state if needed
Agree on a naming convention
Use meaningful tags to easily identify resources: environment, owner, and project keys are a must
You can also add cloud-custodian for components which are outside of Terraform/IaC tools; it can automatically tag your manually created resources with an Owner/Creator based on CloudTrail events
Don’t reinvent the wheel
Use existing shared and community modules....
EKS with instance-store nitro-based node-group
The user data is compatible with the standard AWS EKS Terraform module; the only recommendation is to use a custom AMI. In order to use the instance store you also need to install local-static-provisioner - https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
Terraform example:
eks-dev-instance-store = {
  instance_types = ["r6id.large"]
  min_size       = 1
  max_size       = 3
  desired_size   = 1
  block_device_mappings = {
    # Root volume
    xvda = {
      device_name = "/dev/xvda"
      ebs = {
        volume_size           = 24
        volume_type           = "gp3"
        iops                  = 3000
        encrypted             = false
        delete_on_termination = true
      }
    }
  }
  ami_id = data....