Slide 1

Slide 1 text

HashiCorp Terraform for Network Infrastructure as Code
Rosemary Wang, Developer Advocate at HashiCorp (@joatmon08)
© 2023 HASHICORP

Slide 2

Slide 2 text

The Infrastructure as Code Journey
Research, Adopt, Standardize, Scale
Write network infrastructure as code.
Share it with your team and organization.
Run it in production.

Slide 3

Slide 3 text

Practices
Declarative: Define what resources should be.
Maintain Code & State: Use as source of truth.
Inject Dependencies: Decouple resources to mitigate impact.

Slide 5

Slide 5 text

Declarative
Define expected state of infrastructure in configuration files that you can version, reuse, and share.

    locals {
      annotation = "orchestrator:terraform"
    }

    resource "aci_tenant" "dev" {
      description = "This tenant is created by Terraform"
      name        = "${var.prefix}_tenant"
      annotation  = local.annotation
    }

    resource "aci_application_profile" "dev" {
      tenant_dn  = aci_tenant.dev.id
      name       = "${var.prefix}_ap"
      annotation = local.annotation
    }

    resource "aci_vrf" "dev" {
      tenant_dn  = aci_tenant.dev.id
      name       = "${var.prefix}_vrf"
      annotation = local.annotation
    }

Slide 7

Slide 7 text

Terraform Providers for Networking
registry.terraform.io/browse/providers?category=networking

Slide 9

Slide 9 text

Manage Code & State
Establish a source of truth with configuration and state.

    terraform {
      cloud {
        organization = "hashicorp-team-da-beta"

        workspaces {
          tags = ["datacenter", "networking", "source:cli"]
        }
      }
    }

    resource "aci_tenant" "dev" {
      description = "This tenant is created by Terraform"
      name        = "${var.prefix}_tenant"
      annotation  = local.annotation
    }

Slide 14

Slide 14 text

Inject Dependencies
Retrieve metadata from an abstraction to change downstream dependencies independently.

    data "aws_availability_zones" "available" {
      state = "available"

      filter {
        name   = "group-name"
        values = [var.region]
      }
    }

    resource "aws_subnet" "public" {
      count             = var.public_subnet_count
      vpc_id            = aws_vpc.nfd.id
      availability_zone = data.aws_availability_zones.available.names[count.index]
      // omitted
    }

Slide 16

Slide 16 text

Terraform Configuration Language
developer.hashicorp.com/terraform/language

Slide 18

Slide 18 text

Learn more at developer.hashicorp.com/terraform/tutorials

Slide 19

Slide 19 text

Collaboration Practices for Network Infrastructure as Code with HashiCorp Terraform Cloud
Rosemary Wang, Developer Advocate at HashiCorp

Slide 20

Slide 20 text

The Infrastructure as Code Journey
Research, Adopt, Standardize, Scale
Write network infrastructure as code.
Share it with your team and organization.
Run it in production.

Slide 21

Slide 21 text

Practices
Modularize: Offer self-service for resources.
Test: Validate system functions as intended.
Verify: Check secure & compliant configurations and settings.

Slide 22

Slide 22 text

Modularize
Group common resources to enable self-service of properly configured network infrastructure.

    locals {
      annotation = "orchestrator:terraform"
    }

    resource "aci_tenant" "dev" {
      description = "This tenant is created by Terraform"
      name        = "${var.prefix}_tenant"
      annotation  = local.annotation
    }

    resource "aci_application_profile" "dev" {
      tenant_dn  = aci_tenant.dev.id
      name       = "${var.prefix}_ap"
      annotation = local.annotation
    }

    resource "aci_vrf" "dev" {
      tenant_dn  = aci_tenant.dev.id
      name       = "${var.prefix}_vrf"
      annotation = local.annotation
    }

Slide 24

Slide 24 text

Modules on Terraform Registry
registry.terraform.io/search/modules

Slide 26

Slide 26 text

Test
Write different tests to check for specific attributes and functionality.

Variable validation:

    variable "region" {
      type        = string
      default     = "us-east-1"
      description = "AWS Region"

      validation {
        condition     = startswith(var.region, "us-")
        error_message = "Only use AWS regions in US"
      }
    }

Test:

    aws_subnets_have_correct_mask = rule {
      all aws_subnets as _, aws_subnets {
        aws_subnets.values.cidr_block contains "/24"
      }
    }

Slide 29

Slide 29 text

Sentinel
play.sentinelproject.io/

Slide 32

Slide 32 text

Verify
Use existing policy libraries and custom policies to check for compliant and secure infrastructure configuration.

Policies to run:

    policy "public_access" {
      query             = "data.terraform.policies.public_access.deny"
      enforcement_level = "mandatory"
    }

Policy definition:

    package terraform.policies.public_access

    import input.plan as tfplan

    deny[msg] {
      r := tfplan.resource_changes[_]
      r.type == "aws_security_group"
      r.change.after.ingress[_].cidr_blocks[_] == "0.0.0.0/0"
      msg := sprintf("%v has 0.0.0.0/0 as allowed ingress", [r.address])
    }
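
The deny rule on this slide, rewritten as an added Python example that runs over `terraform show -json` plan output (it is not code from the talk or from HashiCorp). It goes beyond the slide by also matching `::/0` in `ipv6_cidr_blocks` and standalone `aws_security_group_rule` resources, and it skips destroyed resources whose `after` is null. `SAMPLE_PLAN`, the `deny` function name and the resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json` output (not from the talk).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 443, "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
  {"address": "aws_security_group.db", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"ingress": [
     {"from_port": 5432, "cidr_blocks": ["10.0.0.0/16"], "ipv6_cidr_blocks": null}]}}},
  {"address": "aws_security_group_rule.ssh", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress",
     "from_port": 22, "cidr_blocks": ["0.0.0.0/0"]}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

OPEN = {"0.0.0.0/0", "::/0"}  # any-address CIDRs for IPv4 and IPv6

def _open_cidrs(rule):
    """Return the any-address CIDRs in one ingress rule; null lists count as empty."""
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return OPEN.intersection(cidrs)

def deny(plan):
    """Return one message per planned resource that allows ingress from anywhere."""
    msgs = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing left to check
            continue
        if rc["type"] == "aws_security_group":
            rules = after.get("ingress") or []  # inline ingress blocks, as on the slide
        elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]  # standalone rule: its attributes sit at the top level
        else:
            continue
        hits = sorted({c for r in rules for c in _open_cidrs(r)})
        if hits:
            msgs.append(f"{rc['address']} has {', '.join(hits)} as allowed ingress")
    return msgs

if __name__ == "__main__":
    print("\n".join(deny(SAMPLE_PLAN)))
```

A rule that matches only the `aws_security_group` type passes the `aws_security_group_rule.ssh` entry in the sample, so a policy like this needs to cover every resource type that can open ingress.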

Slide 34

Slide 34 text

Terraform Cloud Run Tasks
registry.terraform.io/browse/run-tasks

Slide 37

Slide 37 text

Terraform Cloud Policy Enforcement
developer.hashicorp.com/terraform/cloud-docs/policy-enforcement

Slide 38

Slide 38 text

Learn more at developer.hashicorp.com/terraform/tutorials/cloud-get-started

Slide 39

Slide 39 text

Manage Network Infrastructure as Code Complexity with HashiCorp Terraform Cloud
Rosemary Wang, Developer Advocate at HashiCorp

Slide 40

Slide 40 text

The Infrastructure as Code Journey
Research, Adopt, Standardize, Scale
Write network infrastructure as code.
Share it with your team and organization.
Run it in production.

Slide 41

Slide 41 text

Practices
Bridge: Use manual interfaces to run infrastructure as code.
Validate: Reconcile source of truth.
Change: Use immutability to update infrastructure.

Slide 42

Slide 42 text

Change Management Systems
developer.hashicorp.com/terraform/cloud-docs/integrations/service-now

Slide 44

Slide 44 text

No-Code Provisioning
developer.hashicorp.com/terraform/tutorials/cloud/no-code-provisioning

Slide 46

Slide 46 text

Validate
Reconcile current state to codified one in order to reduce errors.

    data "aws_acm_certificate" "issued" {
      domain      = "tf.example.com"
      most_recent = true
    }

    resource "aws_lb_listener_certificate" "example" {
      listener_arn    = aws_lb_listener.front_end.arn
      certificate_arn = data.aws_acm_certificate.issued.arn

      lifecycle {
        postcondition {
          condition     = data.aws_acm_certificate.issued.status != "EXPIRED"
          error_message = "The listener certificate has expired."
        }
      }
    }

Slide 49

Slide 49 text

Health Assessments
developer.hashicorp.com/terraform/cloud-docs/workspaces/health

Slide 54

Slide 54 text

…even continuously deployed changes

Slide 57

Slide 57 text

Consul-Terraform-Sync
developer.hashicorp.com/consul/tutorials/network-infrastructure-automation/consul-terraform-sync-intro

Slide 58

Slide 58 text

Learn more at developer.hashicorp.com/terraform/tutorials/cloud