# Terraform Basics

<p align=center><img src=images/TerraformIcon.png width=200 height=200></p>

> *Terraform* stands as a prominent Infrastructure as Code (IaC) tool in the realm of modern infrastructure management. IaC is an approach where infrastructure resources, such as virtual machines, networks, and databases—are defined and provisioned using code. Terraform enables this by providing a declarative and descriptive way to define infrastructure configurations in code files, which can then be executed to create, modify, or destroy the specified resources.

Unlike traditional manual infrastructure provisioning, where each step may involve manual configuration and error-prone processes, Terraform allows users to automate these tasks efficiently. By treating infrastructure as code, Terraform promotes consistency, repeatability, and predictability in resource management.

## Key Features

Terraform offers a set of powerful features and benefits:

- **Infrastructure as Code (IaC)**: Terraform defines infrastructure resources and their configurations in code, allowing for version control, collaboration, and automation

- **Declarative Configuration**: With Terraform, you specify what the desired infrastructure should look like, and Terraform takes care of figuring out how to make it so. This declarative approach simplifies the provisioning process.

- **Multi-Cloud Support**: Terraform supports multiple cloud providers (e.g., AWS, Azure, Google Cloud) and even on-premises infrastructure, making it a versatile tool for hybrid and multi-cloud environments

- **Resource Graph**: Terraform builds a resource graph to understand the relationships between resources, optimizing the order of resource creation and updates

- **Plan and Apply Workflow**: Terraform provides a workflow for planning changes before applying them, helping to prevent unintended modifications

- **State Management**: Terraform maintains a state file that keeps track of the current state of the infrastructure, enabling it to make intelligent decisions about what needs to be changed

- **Community and Ecosystem**: Terraform has a vibrant community, extensive documentation, and a rich ecosystem of modules and providers that extend its capabilities

## Uses Cases

Terraform is extensively used in various scenarios, including but not limited to:

- **Virtual Machine Provisioning**: Automating the creation of virtual machines on cloud platforms like AWS, Azure, and Google Cloud
- **Network Configuration**: Defining and managing networks, subnets, and security groups to establish secure and scalable network architectures
- **Container Orchestration**: Deploying container clusters using tools like Kubernetes or Docker Swarm
- **Database Deployments**: Setting up and configuring databases like MySQL, PostgreSQL, or NoSQL databases
- **Serverless Architectures**: Defining serverless functions and event triggers for event-driven architectures
- **Infrastructure Scaling**: Automatically scaling resources up or down based on demand

## Terraform Core Concepts

### 1. Infrastructure as Code (IaC)

Infrastructure as Code (IaC) is an approach to managing and provisioning infrastructure resources through code, bringing software development practices to infrastructure management. In IaC, infrastructure configurations are defined and managed using code files, allowing for automation, version control, and collaboration. The key principles of IaC include:

- **Automation**: IaC automates the process of provisioning and configuring infrastructure resources, reducing manual, error-prone tasks. Terraform automates the provisioning and management of infrastructure resources using declarative configurations.

- **Version Control**: IaC configurations are stored in version control systems, enabling tracking of changes, collaboration, and rollback to previous states. Terraform configurations are code files that can be versioned and stored in Git repositories, allowing teams to manage changes systematically.

- **Reusability**: IaC promotes the creation of reusable code modules, improving efficiency and consistency. Terraform modules enable the creation of reusable infrastructure components that can be shared across projects. We will cover Terraform modules extensively in a later lesson.

- **Consistency**: IaC ensures that infrastructure is provisioned consistently across environments, reducing configuration drift

### 2. Declarative vs Imperative Configuration

*Declarative* and *imperative* are two contrasting approaches to specifying how a system should work.

> In a declarative approach, you specify what the desired end state of the system should be, without specifying the step-by-step instructions to achieve it. It focuses on the "what" rather than the "how." Terraform follows a declarative approach, where you define the desired infrastructure state, and Terraform figures out how to make it so.

> In an imperative approach, you specify the exact steps or instructions needed to achieve a particular outcome. It focuses on the "how." Imperative approaches are often used in scripting and traditional configuration management tools.

Benefits of using declarative configuration include:

- **Simplicity**: Declarative configurations are typically simpler to read and understand because they describe the desired state without detailing the execution steps

- **Idempotence**: Declarative configurations are idempotent, meaning you can apply them multiple times without causing issues. Terraform will only make changes if necessary to bring the system to the desired state.

- **Predictability**: Declarative configurations provide a clear view of what the infrastructure should look like, making it easier to anticipate the results of changes

- **Parallelism**: Declarative configurations allow Terraform to understand resource dependencies and execute actions in parallel when possible, improving efficiency


## Terraform Configurations

> *Terraform configurations* are the heart of Terraform and define the desired state of your infrastructure. These configurations are written in *HashiCorp Configuration Language (HCL)* and serve as a declarative way to describe the resources, settings, and dependencies needed for your infrastructure. Terraform uses these configurations to plan, create, modify, or delete resources in various cloud providers, data centers, or other infrastructure platforms.

Key aspects of Terraform configurations include:

- **Resources**: Resources represent the infrastructure components you want to create and manage. These could be virtual machines, databases, networks, storage accounts, security groups, and more. Each resource is defined using a resource block within your configuration.

- **Resource Configuration**: Within each resource block, you specify the configuration settings for the resource. These settings include attributes like name, location, size, access control, and any other properties relevant to the resource type. The configuration defines how the resource should be created and configured.

- **Dependencies**: Resources can depend on each other. Terraform understands these dependencies and ensures that resources are created or modified in the correct order. You can express dependencies explicitly in your configuration to indicate relationships between resources.

- **Variables**: Terraform configurations can include variables to parameterize your configuration. Variables allow you to make your configuration more dynamic and reusable by passing values to resources, providers, and other elements of your configuration.

- **Outputs**: Output blocks allow you to expose specific information about created resources. These outputs can be used to obtain information about the infrastructure after it's provisioned, and they are often used for downstream processes or other parts of your infrastructure.

### Basic Syntax 

In Terraform, the basic syntax of configurations is built around the following key elements:

- **File Extension**: Terraform configuration files typically have a `.tf` file extension. These `.tf` files contain the definitions of your infrastructure components, services, or entities you want to create and manage.

- **Blocks**: Configuration is organized into blocks, identified by their block type (e.g., `resource`, `variable`, `provider`) and enclosed in braces `{}`. For instance, when defining infrastructure components or services you wish to create and manage, you use resource blocks. These resource blocks specify the type of resource and its configuration settings.

- **Arguments**: Within these blocks, you use key-value pairs to set configuration parameters. These key-value pairs are called arguments. Arguments define the specific settings and attributes for the associated resources or block types.

- **Comments**: Comments in Terraform configurations are preceded by the `#` symbol. Comments serve as a way to include explanatory notes and descriptions within your configuration files, helping you and others understand the purpose and functionality of various sections of the code.

### Variables and Data Types

Variables in Terraform configurations allow you to parameterize your infrastructure definitions. You can define variables with specific data types, making your configurations more flexible and reusable. Here's an example:

```hcl
# Declare a string variable
variable "location" {
  type    = string
  default = "East US"
}

# Declare an integer variable
variable "vm_count" {
  type    = number
  default = 2
}
```
The `variable` block declares two variables: `"location"` as a string and `"vm_count"` as a number. You can set default values for these variables.

### Expressions and Functions

Terraform also supports expressions and functions to manipulate and transform values within your configurations. You can perform calculations, string operations, and more. Here's an example using expressions:

```hcl
# Concatenate strings
resource "azurerm_virtual_machine" "example" {
  name     = "vm-${var.environment}-${count.index}"
  count    = var.vm_count
  location = var.location
}
```

In this example, the `name` attribute of the virtual machine resource uses an expression to concatenate the environment variable and the index.


## Providers 

> Terraform providers are a crucial concept that defines how Terraform interacts with various infrastructure platforms and services. Providers are responsible for understanding the APIs and resources offered by a specific platform, allowing Terraform to create, modify, or delete those resources. 

Key points about providers include:

- **Plugin-Based**: Providers are implemented as plugins, allowing Terraform to support a wide range of cloud providers, on-premises systems, and external services

- **Authentication**: Providers require authentication credentials, which can be configured securely using environment variables or other methods

- **Configuration**: Each provider has its own configuration settings, such as API endpoints and access keys, which are specified in Terraform configurations

Terraform supports a rich set of providers, enabling users to manage resources across various cloud providers, including but not limited to: AWS, Microsoft Azure, GCP, HashiCorp Consul and Vault (Terraform can manage HashiCorp's own products, including Consul for service discovery and Vault for secrets management) and Kubernetes.

## Hands-On: Creating and Managing Resources

In this section, we will walk through creating a storage account on the Azure cloud platform, using Terraform. We will demonstrate how to declare resources using resource blocks, understand resource arguments and attributes, and leverage the power of Terraform and Azure together.

Before creating the Azure Storage Account resource, make sure you have an Azure account (if you don't have one, you can sign up for a free Azure trial account) and Azure CLI installed on your local machine.

### Create a New Directory for Your Terraform Project

Begin by creating a new directory for your Terraform project. This directory will contain your configuration files. You can name the directory as you like, for example, `my-terraform-project`.

### Create a `main.tf` Configuration Fil

Create a new file named `main.tf` within your project directory. You can use Visual Studio Code or the command line to create this file. In this file, you will define your Terraform configurations.

### Create a Service Principal

To authenticate Terraform with your Azure account, you'll need to create a *Service Principal*. The Service Principal is like a service account that Terraform uses to interact with Azure resources.

Open your terminal and sign in to Azure using the Azure CLI command: `az login`. Follow the prompts to authenticate with your Azure account. Once you are logged in, list your Azure subscriptions and their details using the following command: `az account list --output table`. This command will display a table with information about your Azure subscriptions. Look for the `SubscriptionId` column to find your subscription ID.

Create a Service Principal by running the following command, replacing `myApp` with a name for your Service Principal and `{your-subscription-id}` with your Azure subscription ID: `az ad sp create-for-rbac --name myApp --role contributor --scopes /subscriptions/{your-subscription-id}`.

After running the command, you will receive `JSON` output with information about the Service Principal. Note down the values for `appId`, `password`, `tenant`, and `displayName`. These values will be used in your Terraform configuration.

### Define the Azure Provider in `main.tf`

Now that you have the required authentication details from the Service Principal, you can define the Azure provider in your Terraform configuration. Open the `main.tf` file in a text editor, and add the following block to define the Azure provider:

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.0"
    }
  }
}

provider "azurerm" {
  features {}
  client_id       = "your-client-id"
  client_secret   = "your-client-secret"
  subscription_id = "your-subscription-id"
  tenant_id       = "your-tenant-id"
}
```

This block specifies the Azure region and your authentication details. Replace `your-subscription-id`, `your-client-id`, `your-client-secret`, and `your-tenant-id` with your actual Azure subscription and authentication details. `appID` is `your-client-id`, `password` is `your-client-secret` and `tenant` is `your-tenant-id`.

### Declare an Azure Storage Account

Next, declare an Azure Storage Account resource within the same `main.tf` file. This resource block specifies the type of resource and its configuration settings. You can customize the settings to your requirements. 

```hcl
# Define the Azure resource group resource
resource "azurerm_resource_group" "example" {
  name     = "my-resource-group"
  location = "UK South"
}

# Define the Azure Storage Account resource
resource "azurerm_storage_account" "example" {
  name                     = "<your-unique-storage-account-name"
  resource_group_name      = "my-resource-group"
  location                 = "UK South"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  depends_on = [azurerm_resource_group.example]
}
```

This Terraform configuration defines the creation of an Azure resource group named `my-resource-group` in the UK South region and an Azure Storage Account named `mystorageaccount` within that resource group. The attributes specify essential details such as resource names, locations, performance tiers, and replication types. Additionally, the `depends_on` attribute establishes a dependency relationship, ensuring that the storage account creation occurs only after the resource group is created, guaranteeing the correct placement of the storage account within the resource group.

Save the `main.tf` file after adding the Azure provider and the Azure Storage Account resource definition.

> A common error when working with Terraform configurations is to get a Resource Dependency Error.

Imagine the following scenario, where you're provisioning a Virtual Machine that relies on a VNet, but Terraform fails due to the resource creating order. You will likely receive a similar error message:

```shell
Error Message: "Error: Error creating Virtual Machine: Error creating Virtual Machine 'example-vm': Network Interface 'example-nic' has not been created yet."
```

The solution here would be to utilize Terraform's dependency management features like `depends_on` to ensure resources are created in the correct order.

### Initialize a New Terraform Project

First, you will need to install Terraform on your local machine. You can do so by following the Terraform [recommended installation steps](https://developer.hashicorp.com/terraform/downloads). You can check if the installation was successful by running `terraform version`.

Next, initialize your Terraform project within `my-terraform-project` directory using the following command: `terraform init`. This command initializes your project, downloading the necessary provider plugins and setting up the working directory. You should see a similar output if the initialization was successful:

<p align="center">
    <img src="images/TerraformInit.png" height="250" width="600"/>
</p>

### Apply the Configuration

Now, you can apply the configuration to create the Azure VM by running the following command: `terraform apply`. Review the execution plan and confirm the changes by typing **yes** when prompted. Terraform will provision the Azure VM based on your configuration. If everything is create successfully, you should see a similar message in your terminal:

<p align="center">
    <img src="images/ResourcesCreated.png" height="250" width="600"/>
</p>

Additionally, you should be able to see these resources on the Azure portal.

Congratulations! You've successfully created a `main.tf` configuration file, defined the Azure provider, and declared an Azure Storage Account resource using Terraform.

## Terraform Commands

We have seen in the hands-on that Terraform provides different essential commands that allows you to manage your infrastructure as code (IaC) projects efficiently. In this section we will have a closer look at different key Terraform commands and how to use them effectively in a Terraform workflow.

### `terraform init`

The `terraform init` command is the first step when starting a new Terraform project or when working on an existing one. It initializes the working directory and downloads the necessary provider plugins and modules.

Run `terraform init` whenever you create a new Terraform configuration or if you've updated your configuration to include new providers or modules.

### `terraform plan`

The `terraform plan` command is used to preview the changes Terraform will make to your infrastructure. It analyzes your configuration and the current state, then shows the proposed additions, modifications, and deletions of resources.

Effective Usage:
- Run `terraform plan` before applying changes to your infrastructure to review and verify the expected modifications
- Use the `-out` flag to save the plan to a file (`terraform plan -out=plan.tfplan`) and apply the plan later with `terraform apply`
- Consider using the `-var` flag to provide variable values when running `terraform plan`

### `terraform apply`

The `terraform apply` command is used to apply the changes specified in your Terraform configuration. It creates, updates, or deletes resources to match the desired state.

Effective Usage:
- Always review the output of `terraform plan` before applying changes to avoid unintended modifications
- You can use the `-auto-approve` flag (`terraform apply -auto-approve`) to automatically approve and apply changes, but exercise caution when using this option
- It's a good practice to log or capture the output of `terraform apply` for auditing and tracking changes

### `terraform destroy`

The `terraform destroy` command is used to destroy all resources managed by Terraform in your configuration. It prompts for confirmation before destroying each resource.

Effective Usage:
- Be cautious when running `terraform destroy` in production environments. Ensure that you have a backup or a plan for resource recovery.
- Use the `-target` flag to specify specific resources to destroy (`terraform destroy -target=resource_type.resource_name`) instead of destroying the entire infrastructure
- Capture the plan using `terraform plan -destroy` to review and verify the destruction plan before executing it

> Navigate to the directory of the hands-on Terraform project and destroy all the resources we have provisioned in the hands-on. This ensures you won't have any charges on your Azure account.

### Terraform Workflow

An effective Terraform workflow involves the following steps:

- **Initialize**: Start by running `terraform init` to set up your project with the required providers and modules
- **Configuration**: Define your infrastructure as code using Terraform configurations (`.tf` files)
- **Plan**: Use `terraform plan` to preview the changes Terraform will make to your infrastructure. Review the plan to ensure it aligns with your intentions.
- **Apply**: Execute `terraform apply` to apply the changes specified in your configuration. Confirm the plan if prompted.
- **Maintenance**: Continuously update and maintain your Terraform configurations as infrastructure requirements evolve
- **Destroy**: When necessary, use `terraform destroy` to tear down resources. Be cautious and confirm the destruction plan.

## State Management 

> *Terraform state* is a critical component of Terraform's workflow. It represents the current state of your infrastructure and serves as the source of truth for Terraform. The state file is a record of the relationships and properties of the resources defined in your Terraform configuration. It contains essential information such as resource IDs, IP addresses, DNS names, and other attributes.

Terraform state is essential because it:

- **Tracks Resource State**: Terraform uses it to compare the desired state with the current state of resources, enabling precise updates
- **Manages Resource Dependencies**: It helps Terraform provision resources in the correct order and resolves dependencies accurately
- **Enables State Locking**: State locking prevents concurrent updates, enhancing stability and data integrity
- **Stores Critical Data**: It persists valuable infrastructure data for monitoring, troubleshooting, and auditing purposes

### The State File and Its Contents

> The Terraform state file, by default named `terraform.tfstate`, is created in the working directory where you run Terraform commands, unless you specify a different path or use a remote state backend.

It is a `JSON` or binary file that stores the following information:

1. **Resource Mapping**

   - **Resource Type**: The type of resource (e.g., `aws_instance`, `azurerm_virtual_network`)
   - **Resource Name**: The user-defined name of the resource
   - **Resource Index**: An index that differentiates multiple instances of the same resource type (if applicable)

2. **Resource Attributes**

   - For each resource, Terraform stores the attributes defined in your configuration (e.g., `ami`, `instance_type`, `name`, `tags`) along with their current values

3. **Dependencies**

   - Terraform records the relationships between resources to understand their dependencies. For example, it knows that a web server depends on a virtual network.

4. **Metadata**

   - The state file may also contain metadata such as information about the Terraform version used, the provider versions, and backend configuration details

5. **Sensitive Data**

   - Sensitive data marked as "sensitive" in your configuration (e.g., passwords, secrets) is stored in the state file in an encrypted form

You can check out the contents of this file for yourself after running `terraform apply` in your project directory.

### Securing the Terraform State

Since the state file contains sensitive information and is essential for your infrastructure, it's crucial to secure it. Here are some best practices:

- **Use Remote State Backends**: Store your state remotely using a remote backend like AWS S3, Azure Blob Storage, or HashiCorp Consul. These backends offer versioning, access controls, and encryption.

- **Encrypt Sensitive Data**: When working with sensitive data, ensure it is encrypted both in transit and at rest. Use secure storage mechanisms provided by your chosen backend.

- **Access Control**: Restrict access to the state file by using access controls provided by the remote state backend. Only authorized users and systems should have access to the state.

- **Regular Backups**: Keep regular backups of your state files in case of accidental deletions or corruption. Versioned backends can help with this.

## Key Takeaways

- Terraform is a powerful Infrastructure as Code (IaC) tool that allows you to define and provision infrastructure resources using code, promoting consistency, repeatability, and automation in resource management
- Terraform uses a declarative approach, where you specify what the desired infrastructure should look like, and Terraform takes care of figuring out how to make it so. This simplifies the provisioning process.
- Terraform interacts with various infrastructure platforms and services through providers, while resources represent the infrastructure components you want to create and manage. Resources are declared using resource blocks within Terraform configurations.
- Terraform configuration files use the HashiCorp Configuration Language (HCL) and have a structured syntax with blocks and key-value pairs. Configuration files are typically organized into blocks for providers, resources, data, and more.
- When working with cloud providers, you need to provide authentication credentials securely to Terraform, usually through environment variables or configuration settings
- Terraform provides a set of essential commands, including `init` for project initialization, `plan` for generating execution plans, `apply` for applying configurations, and `destroy` for resource cleanup
- Terraform maintains a state file that keeps track of the current state of infrastructure. Understanding state management is crucial for tracking and managing resources over time