Introduction
Terraform is an infrastructure as code (IaC) tool that enables you to define and provision infrastructure using declarative configuration files. It supports multiple cloud providers and infrastructure platforms. Understanding Terraform is essential for system design interviews involving infrastructure management and DevOps.
This guide covers:
- Terraform Fundamentals: Configuration files, providers, and resources
- State Management: Terraform state and remote state
- Modules: Reusable infrastructure components
- Workspaces: Environment management
- Best Practices: Code organization, security, and versioning
What is Terraform?
Terraform is an infrastructure as code tool that:
- Declarative: Define desired state
- Multi-Cloud: Supports multiple providers
- State Management: Tracks infrastructure state
- Idempotent: Safe to run multiple times
- Version Control: Infrastructure as code
Key Concepts
Provider: Plugin for cloud/infrastructure platform
Resource: Infrastructure component
State: Current state of infrastructure
Module: Reusable configuration
Workspace: Environment isolation
Architecture
High-Level Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Developer │────▶│ DevOps │────▶│ CI/CD │
│ │ │ Engineer │ │ Pipeline │
└──────┬──────┘ └──────┬──────┘ └──────┬──────┘
│ │ │
└────────────────────┴────────────────────┘
│
│ terraform apply
│
▼
┌─────────────────────────┐
│ Terraform Core │
│ │
│ ┌──────────┐ │
│ │ Config │ │
│ │ Files │ │
│ └────┬─────┘ │
│ │ │
│ ┌────┴─────┐ │
│ │ Providers│ │
│ │(AWS/Azure│ │
│ │ /GCP) │ │
│ └──────────┘ │
└──────┬──────────────────┘
│
┌─────────────┴─────────────┐
│ │
┌──────▼──────┐ ┌───────▼──────┐
│ AWS │ │ Azure │
│ Resources │ │ Resources │
└─────────────┘ └─────────────┘
Explanation:
- Users: Developers, DevOps engineers, and CI/CD pipelines that define and manage infrastructure using Terraform.
- Terraform Core: The main engine that reads configuration files, creates execution plans, and manages infrastructure lifecycle.
- Config Files: Infrastructure definitions written in HCL (HashiCorp Configuration Language) that describe desired infrastructure state.
- Providers: Plugins that interact with cloud providers (AWS, Azure, GCP) or other services to create and manage resources.
- Cloud Resources: Actual infrastructure resources (e.g., VMs, databases, networks) created and managed by Terraform.
Core Architecture
┌─────────────────────────────────────────────────────────┐
│ Terraform Configuration │
│ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Configuration Files │ │
│ │ (.tf files, Modules) │ │
│ └──────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Terraform Core │ │
│ │ (Planning, Execution) │ │
│ └──────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ Providers │ │
│ │ (AWS, Azure, GCP, etc.) │ │
│ └──────────────────────────────────────────────────┘ │
│ │ │
│ ┌──────────────────────────────────────────────────┐ │
│ │ State Backend │ │
│ │ (Local, S3, Terraform Cloud) │ │
│ └──────────────────────────────────────────────────┘ │
└───────────────────────────────────────────────────────────┘
Configuration
Basic Configuration
main.tf:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = "us-east-1"
}
resource "aws_instance" "web" {
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
tags = {
Name = "WebServer"
}
}
Variables
variables.tf:
variable "instance_type" {
description = "EC2 instance type"
type = string
default = "t2.micro"
}
variable "region" {
description = "AWS region"
type = string
default = "us-east-1"
}
Use Variables:
resource "aws_instance" "web" {
instance_type = var.instance_type
# ...
}
Outputs
outputs.tf:
output "instance_id" {
description = "ID of the EC2 instance"
value = aws_instance.web.id
}
output "instance_public_ip" {
description = "Public IP of the EC2 instance"
value = aws_instance.web.public_ip
}
Resources
AWS Resources
EC2 Instance:
resource "aws_instance" "web" {
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
vpc_security_group_ids = [aws_security_group.web.id]
subnet_id = aws_subnet.public.id
tags = {
Name = "WebServer"
}
}
S3 Bucket:
resource "aws_s3_bucket" "data" {
bucket = "my-data-bucket"
tags = {
Name = "DataBucket"
}
}
RDS Database:
resource "aws_db_instance" "database" {
identifier = "mydb"
engine = "postgres"
engine_version = "14.0"
instance_class = "db.t3.micro"
allocated_storage = 20
storage_encrypted = true
db_name = "mydb"
username = "admin"
password = var.db_password
}
State Management
Local State
Default:
- State stored in
terraform.tfstate - Local file storage
- Not suitable for teams
Remote State
S3 Backend:
terraform {
backend "s3" {
bucket = "my-terraform-state"
key = "prod/terraform.tfstate"
region = "us-east-1"
}
}
Terraform Cloud:
terraform {
cloud {
organization = "my-org"
workspaces {
name = "production"
}
}
}
Modules
Module Structure
modules/
web-server/
main.tf
variables.tf
outputs.tf
Module Definition:
# modules/web-server/main.tf
variable "instance_type" {
type = string
}
variable "ami" {
type = string
}
resource "aws_instance" "web" {
ami = var.ami
instance_type = var.instance_type
}
output "instance_id" {
value = aws_instance.web.id
}
Use Module:
module "web_server" {
source = "./modules/web-server"
instance_type = "t2.micro"
ami = "ami-0c55b159cbfafe1f0"
}
Workspaces
Create Workspace
terraform workspace new production
terraform workspace new staging
terraform workspace new development
Use Workspace
terraform workspace select production
terraform apply
Workspace-Specific Configuration
resource "aws_instance" "web" {
instance_type = terraform.workspace == "production" ? "t2.large" : "t2.micro"
# ...
}
Best Practices
1. Code Organization
- Use modules for reusability
- Separate environments
- Version control everything
- Document configurations
2. State Management
- Use remote state
- Enable state locking
- Backup state files
- Limit state file size
3. Security
- Don’t commit secrets
- Use variables for sensitive data
- Use secret management
- Enable encryption
4. Versioning
- Pin provider versions
- Tag infrastructure
- Use semantic versioning
- Document changes
What Interviewers Look For
Infrastructure as Code Understanding
- Terraform Concepts
- Understanding of providers, resources, state
- Configuration management
- State management
- Red Flags: No Terraform understanding, wrong concepts, poor state management
- Infrastructure Design
- Resource organization
- Module design
- Environment management
- Red Flags: Poor organization, no modules, no environments
- DevOps Practices
- Version control
- CI/CD integration
- Security practices
- Red Flags: No version control, no CI/CD, security issues
Problem-Solving Approach
- Infrastructure Design
- Resource organization
- Module strategy
- State management
- Red Flags: Poor organization, no modules, poor state
- Environment Management
- Workspace strategy
- Configuration management
- Deployment process
- Red Flags: No workspaces, poor config, no deployment
System Design Skills
- Infrastructure Architecture
- Terraform organization
- Module design
- State management
- Red Flags: No architecture, poor modules, no state management
- Scalability
- Infrastructure scaling
- Resource optimization
- Cost management
- Red Flags: No scaling, poor optimization, no cost management
Communication Skills
- Clear Explanation
- Explains Terraform concepts
- Discusses trade-offs
- Justifies design decisions
- Red Flags: Unclear explanations, no justification, confusing
Meta-Specific Focus
- DevOps Expertise
- Understanding of IaC
- Terraform mastery
- Infrastructure automation
- Key: Demonstrate DevOps expertise
- System Design Skills
- Can design infrastructure
- Understands infrastructure challenges
- Makes informed trade-offs
- Key: Show practical infrastructure design skills
Summary
Terraform Key Points:
- Infrastructure as Code: Declarative infrastructure definition
- Multi-Cloud: Supports multiple providers
- State Management: Tracks infrastructure state
- Modules: Reusable components
- Idempotent: Safe to run multiple times
Common Use Cases:
- Cloud infrastructure provisioning
- Multi-cloud deployments
- Infrastructure automation
- Environment management
- Infrastructure versioning
- Disaster recovery
Best Practices:
- Use modules for reusability
- Manage state remotely
- Use workspaces for environments
- Version control everything
- Don’t commit secrets
- Document configurations
- Test infrastructure changes
Terraform is a powerful tool for managing infrastructure as code with support for multiple cloud providers and platforms.