As organizations continue to adopt cloud technologies and infrastructure, the need for efficient and streamlined management tools is becoming increasingly important. Terraform Cloud from HashiCorp is a platform that offers a solution to this challenge by providing a centralized location for managing infrastructure as code.
With Terraform Cloud, teams can collaborate on infrastructure projects, track changes, and automate deployments. Additionally, Terraform Cloud provides a range of features that make it easier to manage complex infrastructure environments, such as version control, state management, and policy enforcement.
In this review, we will explore the key features of Terraform Cloud and evaluate its effectiveness in solving common infrastructure management challenges. After spending some time using Terraform cloud, we can confidently say that it is a game changer for infrastructure management. In this product review, we will delve into the features that make Terraform cloud stand out and why it’s worth considering for your organization.
What do we look at when we undertake a review? We have 5 main criteria that we look at when undertaking a product review, these are:
- Features: What are the main features? What are the products strengths, which areas does it well and areas there are weaknesses, what are the features that are missing or not fully developed.
- Getting Started: Ease of Installation: How easy is the application to install, or the lack of friction in setting up an account if a platform a SaaS based product
- Initial Configuration: Ease of Getting productive for a simple use case. For example, how easy is it to deploy a simple three-tiered application or create your first dashboard capturing meaningful data.
- Mountains or Mole Hills: How Steep is the learning curve from simple uses to more advanced needs; How easy is it to learn the product, are there any training resources, are they Free or Costed?
- Support: What is the support model, how good is the documentation, it is opaque, or in clear understandable language?
What is Terraform Cloud?
Terraform cloud is an application that helps teams use terraform collaboratively. Its basic use is to manage the Terraform Runs in a consistent manner, and is available with both an always free tier, and three costed options that offer more features and scaling options.
Terraform cloud comes in three flavours, there is an always free tier (see the Amazic article for a deep dive), the only proviso is that you can only have 500 resources per organization deployed at any time. The recent change in the feature set has dramatically improved its capabilities. It is an excellent entry point for small teams and organisations who are just starting out with Terraform. Everything needed to use Terraform in a team setting is included for free, including remote state, remote runs, private registry, secure variables, dynamic provider credentials, and more security capabilities for a robust security posture from the outset. Among the new features are:
- SSO — Owners have more control over securing access to an organization’s infrastructure, lowering risk by enforcing identity and access management (IAM) standards. You can connect and AzureAD (sorry Microsoft Entra ID), an Okta source or a SAML provider.
- HashiCorp Sentinel and OPA policy as code — Write policies as code and make policy infractions visible to advisory enforcement. This is limited to a single policy for the free edition, but considering that sentinel can run multiple tests and the first test could be an environment selection test this limitation should not be too constricting.
- Run Tasks – Include third-party product checks for increased security, code scanning, cost control, and regulatory compliance. This is an awesome ability to integrate a third-party product like snyk to review your code for security vulnerabilities.
- Terraform Cloud Agent – Runs and resources can be managed in isolated, private, or on-premises settings.
Moving up to the Standard edition, we have the same features as the free tier together with the additional feature of Team Management, this is a feature that allows an admin to grant the correct permissions a workspace to allow the team members to undertake the tasks of their respective roles for example, Terraform runs, create workspace variables, read and write state, etc. moving to the standard edition simply requires a credit card payment method to be added; this allows a team to have three concurrent deploy or destroy runs at any time.
The final tier is the plus level, this removes the limitations on policy creation, enforcement, Run Tasks and enforcement, and increase the concurrency run limit to ten by default and increase the number of Self Hosted agents to a default of ten, both these can be increased at request to your customer manager. However it is the visibility and optimisation improvements that make the move to plus interesting, the ability to configure drift detection, (the ability to confirm that what TFC thinks is correct corresponds with the reality of the deployed environment), continuous validation (check that your environment is operation as expected). The ability to store audit logs for 14 days, ServiceNow integration and the ability to provision IaC with NoCode.
This is a very simple process simply point your browser at the following link:
You are given two options for initial account creation, either create a standalone account or use a pre-existing or new HCP (Hashicorp Cloud account).
Creating a standalone account is a simple affair, enter you preferred username, an email address, and desired password. You will receive the standard prove you are who you say you are email, click the link and voila, you are in.
Rating – Old lady at the bus stop: Creating an account on HashiCorp Terraform Cloud is really simple.
The first task create an organisation, you have three options here, one is an accelerated start, the second is “start from scratch” and the third is to import an existing state-file. For the purposes of this review, we selected “start from scratch”. This option creates an empty Organisation.
Clicking on the box will display the following form:
Create your organisation name, and enter an email. Click “create organization”, the next part of set up is to create a “Workspace”
Configuring a Terraform Cloud workspace requires some effort. The setting up a workspace can be done in a few simple steps, and the UI guides you through the process. Your organisation can include several workspaces and these can be easily created, you can also easily manage existing ones, and view their status form the UI. The act of creation is a four stage process:
- Chose type: version Control workflow, your Terraform configuration files are stored in a git repository.
- Connect o VCS: you have an option of four common VCS repositories (GitHub, GitLab, Bitlocker and Azure DevOps)
- Choose a repository: if you do not have any repositories in your Git repository, you have the option of copying an example repo to get you started.
- Configure Settings: You have the option to create a project, this is a new Terraform construct, that sits below an organisation and above the workspace. There is are some advanced options, but, for initial organisation creation there is no need to configure this.
Once these fields have been completed simply click the “create workspace” button and voila.
Other methods of configuration
In addition to the UI, Terraform Cloud also allows you to use the Terraform CLI to configure workspaces. This is particularly useful if you prefer working with the CLI or if you need to automate workspace creation. To set up a workspace with the CLI, you simply need to run a few commands. For example, you can use the “terraform workspace new” command to create a new workspace, and the “terraform workspace select” command to switch between workspaces. The CLI also provides access to logs and state files, making it easy to manage your workspaces from the command line.
Finally, Terraform Cloud also allows you to create workspaces using its API. This is useful if you need to automate workspace creation or if you want to integrate Terraform Cloud with other tools or systems. To create a workspace using the API, you need to send a POST request to the “/organizations/:organization_name/workspaces” endpoint with the appropriate parameters. For example, you can specify the name and description of the workspace, the VCS repository it should use, and any variables or settings it requires. Once the workspace is created, you can use the API to manage it just like you would with the UI or CLI.
Deploying your first workload
To configure a “Run” from the UI creating not as intuitive as the initial set up.
With Terraform Cloud you effectively replace the *.TFVARs file that provides values to your variable files, with pre-configured variable sets.
Dealing with Variables in Terraform Cloud
One of the advantages that TFC brings to the table is the ability to manage variables, at three levels, the organisation, the Project and the workspace. This allows a very granular way of handling common variables, These variables are typically used to manage configuration across multiple workspaces within the same organization. Some examples of variables that could be set at the organization level include:
- Cloud provider credentials: API keys, access tokens, or other authentication credentials required for accessing cloud services, such as AWS, Azure, or Google Cloud Platform.
- Default resource configurations: Default values for resource configurations that are shared across multiple workspaces. For example, setting a default instance type or region for cloud resources.
- Environment-specific settings: Variables that define settings specific to different environments (e.g., development, staging, and production). These variables can help manage different configurations for each environment while using the same Terraform codebase.
- Shared secrets and sensitive data: API keys, database credentials, or other sensitive information that needs to be securely shared across multiple workspaces.
Here are some examples of variables that could be set at a project or workspace level:
- Project-specific resource configurations: Values for resource configurations that are unique to a specific project, such as instance size, resource tags, or the number of instances to create.
- Environment variables: Variables that control the behaviour of Terraform or other tools within the workspace, such as TF_LOG for controlling Terraform’s log output or ARM_CLIENT_ID for Azure authentication.
- Backend configurations: Variables related to the backend used for storing Terraform state files, such as the bucket name, key, and region for an S3 backend.
- Project-specific secrets and sensitive data: API keys, database credentials, or other sensitive information that is specific to a particular project and should not be shared across multiple workspaces.
For simplicity, we only set workspace level variables. This does not prevent the creation of Global level variables, however any that have been created will be overwritten by a same named workspace level variable.
Running the first Plan and apply
The code that we used as he basis of our trial, required the setting of a working directory, this was not obvious, until I attempted the first run, when we errored with the following message:
This is an expected error as our configuration code is stored in a working directory off the root of the repository. The fix to this was found under the general settings in the section “Terraform Working Directory”. Enter the relative directory to the code, in our case it was “./terraform/dev” (one thing to remember is that the folder syntax in in the Linux notation, therefore it is forward slash not backslash).
Rating – Ross Gellar: This would have been an Old lady rating but getting your first deploy and destroy is not a straight-forward as it could be.
Molehills or Mountains
The experience of learning Terraform Cloud can vary depending on your knowledge with infrastructure as code (IaC). The learning curve for individuals new to IaC and Terraform may feel like climbing a little hill, but Everest it is not. It will take time to understand the fundamentals of Terraform, including as its syntax and how to work with cloud resources. However, once you’ve mastered the fundamentals, navigating Terraform Cloud should be a breeze.
For individuals with prior IaC experience, the learning curve may feel more like stepping over a molehill. Terraform Cloud is built on Terraform’s fundamental concepts, so if you’re already familiar with those, adjusting to Terraform Cloud should be simple.
Terraform Cloud is a powerful solution that may help you manage your infrastructure more efficiently, regardless of your degree of experience with IaC. Terraform Cloud’s ability to automate infrastructure deployment and management can save you time and lower the risk of errors that might occur with manual operations.
To get started with Terraform Cloud, it’s vital to first master the fundamentals of Terraform and IaC. This can entail being acquainted with the syntax, learning how to work with cloud resources, and learning how to manage your infrastructure using modules.
Once you’ve mastered the foundations, you can go on to the more complex aspects of Terraform Cloud. Using workspaces to manage different environments, employing remote state management for collaboration, and connecting with other tools and services in your workflow are all examples of this.
Overall, while Terraform Cloud has a learning curve, it is a valuable tool that can help you manage your infrastructure more efficiently. Terraform Cloud is well worth the time and effort required to learn because of its extensive automation capabilities and robust feature set.
Rating – Ross Gellar: Overall getting started and configuring a basic environment is simple and well within the capability of the proverbial old lady, however the UI is not as intuitive as it could be so there is a slight incline to scaling out and utilising the more advanced features.
Terraform Cloud is a flexible platform with varying features and support levels depending on the version you choose. However, there is no clear breakdown of support choices per edition, which might make determining the kind of assistance you can expect challenging.
Terraform Cloud, fortunately, provides rich documentation, tutorials, and guides to assist customers in navigating the platform. There are resources available for maintaining Terraform versions, upgrading Terraform, and using the
Terraform provider with Oracle Cloud Infrastructure. This documentation is a great resource for users who require assistance with certain activities or who want to learn more about the platform’s capabilities.
Terraform Cloud offers a robust community of users and contributors that can provide support through forums, chat rooms, and GitHub repositories, in addition to documentation. This community is an excellent resource for people who want to interact with other platform users and share information and best practises.
Terraform Cloud provides access to HashiCorp’s official support channels, including email and phone support, as well as professional support engineers for more complicated issues, for users who require more sophisticated assistance. The level of assistance you receive is determined by the edition you choose, so carefully consider your alternatives before making a selection.
We recommend visiting the official HashiCorp website or contacting their sales team for a more complete description of support options relevant to each Terraform Cloud edition. They can tell you more about the different editions and the degree of support you can expect from each one.
Overall, Terraform Cloud is a strong platform with a variety of functionality and support choices to fulfil the demands of various users. Whether you’re new to Terraform or a seasoned pro, there are tools available to help you get the most out of the platform.
Rating – Ross Gellar: HashiCorp has a good level of support for Terraform Cloud, this included the Free tier, access to sources such as https://developer.hashicorp.com is a veritable smorgasbord of knowledge. For those on the paid versions, their Silver and Gold support levels provider an enhance level of access.
Who is the competition?
In comparison to its competitors, Terraform Cloud has some distinct differences and advantages.
env0 is a relatively new IaC management platform that provides a collaborative environment for teams to manage their Terraform, Terragrunt, and other IaC frameworks. It offers features like RBAC (Role-Based Access Control), automated environment provisioning, cost management, and policy enforcement. While both Terraform Cloud and env0 support Terraform, env0 is designed as a management platform for multiple IaC frameworks. In contrast, Terraform Cloud is solely focused on managing HashiCorp’s Terraform.
Microsoft Azure DevOps Services is an agile development product that extends the Microsoft Visual Studio architecture and includes software development, collaboration, and reporting capabilities. Terraform Cloud, on the other hand, focuses primarily on IaC and automation. Both tools can be used together for a comprehensive DevOps solution, with Terraform Cloud managing infrastructure provisioning and Azure DevOps handling application deployment and collaboration.
VMware vRealize Automation (vRA) is a cloud management platform that automates the delivery of personalized infrastructure, applications, and custom IT services. While both vRA and Terraform Cloud offer automation capabilities, Terraform Cloud is more focused on IaC and has a broader range of supported cloud providers. In contrast, vRA is more focused on VMware-based environments and third-party cloud options.
SpaceLift positions itself as a Terraform Cloud alternative, offering a customizable GitOps workflow and helping users manage infrastructure at scale. One of the key differences between Spacelift and Terraform Cloud is their pricing model. Spacelift uses a predictable pricing model without Resources Under Management (RUM) fees, providing unlimited policies in all tiers and unlimited integrations with third-party tools
Each tool has its own strengths and weaknesses, and the choice of which to use depends on your organization’s specific needs and technical requirements. Terraform Cloud is particularly noteworthy for its focus on IaC, multi-cloud support, and extensive provider ecosystem. However, it may be necessary to combine Terraform Cloud with other tools like Azure DevOps Services or Jenkins for a complete DevOps solution. For organizations looking for a more collaborative IaC management platform that supports multiple IaC frameworks beyond just Terraform, env0 is an interesting alternative.
In the realm of infrastructure management, Terraform Cloud stands out as a game-changing solution. Its efficient and streamlined platform allows teams to collaborate seamlessly on infrastructure projects. With its user-friendly interface, easy installation, and powerful features such as version control, state management, and policy enforcement, Terraform Cloud effectively addresses common infrastructure management challenges.
In terms of its overall rating, Terraform Cloud comfortably earns a 3.6 out of 5; Which places it between the kind-hearted Forrest Gump and the affable palaentologist Ross Geller. Therefore we will round it up to 4 out of 5. This rating signifies that the platform is not only intuitive and easy to use but also offers advanced capabilities that cater to users with varying levels of expertise. Terraform Cloud strikes a perfect balance between simplicity and functionality, making it a valuable addition to any organization looking to optimize their cloud technologies and infrastructure management processes.
Overall, Terraform Cloud is a powerful tool that can help organizations improve their infrastructure management processes. Its ease of use and advanced features make it a valuable asset for teams looking to streamline their workflows and optimize their cloud technologies. With its impressive capabilities and user-friendly interface, Terraform Cloud is a platform that is definitely worth considering for any organization looking to take their infrastructure management to the next level.
Want to buy HashiCorp Terraform? Visit Amazic Marketplace to find, compare & buy software and services.