Terraform - Beyond Infrastructure

In this blog, we will discuss Terraform's ability to scale usage beyond just infrastructure management.
Vikram Fugro
May 12, 2022 | 3 min read

An Introduction To Terraform

With the growing demand for managing complex and scalable infrastructure, needless to say, Terraform has distinctly emerged as the clear winner. The advantages of using Terraform are very well understood. Be it simple and elegant declarative syntax that makes it very approachable or its multi-cloud support, or the vastly reduced time in development and deployment – Terraform efficiently checks all the boxes. There’s also great linter support for your Terraform code, and with the advent of GitOps, Terraform fits in very well with different CI/CD workflows for your infrastructure management.

Terraform At Large

Terraform has come a long way since its 0.1 release and is not just about managing your public cloud resources anymore. Besides support for new public cloud providers, the scene has exploded with many other providers catering to a multitude of needs! A Terraform provider is a plugin that uses an external service's API and translates it into Terraform constructs such as resources, data resources, modules, etc. There are providers for third-party logging, monitoring, container orchestration, etc. There are close to 2000 providers in the registry! People have even gone to the extent of writing providers for ordering a pizza or creating a Spotify playlist!

Access Management Using Terraform

One use case where we found Terraform really shines is access management. Employee onboarding can be a pretty involved process. In addition to many other things to manage, granting the right access and the right privileges can be error-prone and time-consuming, let alone the follow-up! The same holds true when an employee leaves the organization, and it is worse if the access stays long after the employee is gone. How cool would it be if managing all of this was just one git commit away! This would also automatically give you an audit trail of people's movement within the teams.

Putting Terraform In Action at Medly

Let’s have a look at a few providers that we have leveraged with some examples.

Here’s an example of creating an escalation policy in PagerDuty:

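resource "pagerduty_escalation_policy" "policy" {
  name      = "XYZ ESCALATION POLICY"
  num_loops = 2
  # pagerduty_team.team and pagerduty_user.user are defined elsewhere
  teams     = [pagerduty_team.team.id]

  rule {
    escalation_delay_in_minutes = 10
    target {
      # target type is user_reference or schedule_reference
      type = "user_reference"
      id   = pagerduty_user.user.id
    }
    target {
      type = "user_reference"
      id   = pagerduty_user.user.id
    }
  }
}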

or an authorization server in Okta:

resource "okta_auth_server" "auth_server" {

    audiences = ["api://server"]
    description = "XYZ auth server"
    name = "server"
    issuer_mode = "CUSTOM_URL"
    status = "ACTIVE"

}

This is just the tip of the iceberg, and the Okta Terraform provider has a rich feature set to manage Sign-on policies, Authorization servers, OIDC, and SAML.
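
The onboarding and offboarding workflow described above, sketched with the Okta provider as an added example (not Medly's own configuration). The roster entries, e-mail addresses and group names are constructed, and provider credentials are assumed to be configured outside this file.

```hcl
# Added example: every name, address and group below is constructed.
terraform {
  required_providers {
    okta = {
      source = "okta/okta"
    }
  }
}

locals {
  # The roster is the single source of truth. Onboarding adds an entry,
  # a team move edits "groups", offboarding deletes the entry.
  employees = {
    "asha.rao@example.com" = {
      first_name = "Asha"
      last_name  = "Rao"
      groups     = ["engineering", "oncall"]
    }
    "liam.chen@example.com" = {
      first_name = "Liam"
      last_name  = "Chen"
      groups     = ["engineering"]
    }
  }

  # Every group named anywhere in the roster.
  groups = toset(flatten([for e in values(local.employees) : e.groups]))
}

resource "okta_user" "employee" {
  for_each   = local.employees
  login      = each.key
  email      = each.key
  first_name = each.value.first_name
  last_name  = each.value.last_name
}

resource "okta_group" "team" {
  for_each = local.groups
  name     = each.key
}

# One membership resource per group, listing exactly the roster members.
resource "okta_group_memberships" "team" {
  for_each = local.groups
  group_id = okta_group.team[each.key].id
  users = [
    for login, e in local.employees :
    okta_user.employee[login].id if contains(e.groups, each.key)
  ]
}
```

Deleting a roster entry in a commit makes the next plan show that user and every group membership derived from it being removed, so the pull request diff doubles as the access review.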

And it doesn’t stop here for us! We have successfully integrated services such as Azure AD (SSO) and are evaluating 1Password. Terraform, along with GitOps, greatly simplifies this workflow. Each of these services offers its own interface, unique in its own way, and Terraform provides a unified model for handling their different configurations. All of this is defined in Terraform as code that is easy to read and maintain, and when combined with GitOps, you get benefits such as PR reviews, auditing, and versioning out of the box.

Summing It Up

Terraform is revolutionizing DevOps by not only changing the way infrastructure is managed but also making the execution of different aspects of DevOps faster and more coherent. We hope you find this blog informative and helpful. Visit us at Medly.Tech for more such technical blogs. Happy reading, folks!