weekly.tf • 0.13.0-beta2, terraform-visual, terraform-aws-lambda #12

Doing development work for infrastructure-as-code projects has many similarities to other software engineering domains: you write code, you write tests, you do manual tests, you deploy. But there are also differences: the code is more stateful, and there are lots of APIs involved which bring brittleness and uncertainty.

But I believe the most significant is that the development cycle times are longer. I can run a build and test in a medium-sized go project in < 1 minute. I can't run any significant Terraform plan+apply+test in less than five. Usually more like 10 to 15 for the fun stuff.

This makes it much harder to iterate and improve the code. It makes it harder to test. And it makes it harder to apply good software engineering practices.

I am curious to hear what others do to manage this challenge.

terraform-visual

A brand new project, but it looks like a great tool for navigating terraform plans visually.

v0.13.0-beta2 ·terraform — github.com

The second beta for Terraform 0.13. A few notable changes:

• There are many ways to authenticate to AWS and the SDKs have clear preferences for which ones to use. However, until now Terraform used a non-standard set of preferences. Terraform's order had been static credentials, environment variables, shared credentials files, the EC2 metadata and then default AWS Go SDK (shared configuration, web identity, ECS metadata, EC2 metadata). It is now static configuration, environment variables, shared credentials files, default AWS Go SDK (shared configuration file, web identity, ECS metadata, EC2 Metadata metadata). As far as I can tell, this should only affect you if you are using EC2 metadata to authenticate. #25134

• The AWS_METADATA_TIMEOUT environment variable no longer has any effect and the default AWS Go SDK timeout of one second with two retries is used instead. #25134

• The AWS_SDK_LOAD_CONFIG is no longer required. Until now you had to set this to get Terraform (and any aws-sdk-go using project) to read your shared configuration file, .aws/config. The SDK's behavior here is perplexing and I am glad that Terraform now no longer requires this. #25134

terraform-aws-lambda

A new (to me) module for doing AWS Lambda's with Terraform.

Working with Lambda in Terraform is a challenge for any non-trivial use case. This module seems to do a reasonable job, though I haven't used it myself yet.

Seems to be an interesting to approach to have a pure Terraform batteries-included approach.

Terraform Visual Studio Code Extension v2.0.0

As previously mentioned, Hashicorp is taking over development of the previously community-led VS Code extension. The v2 release is the first one that includes the new language server, full support for Terraform 0.12

v0.19.0 · terraform-provider-tfe

One new feature worth mentioning is support for custom workspace permissions. This allows setting a custom set of flags for access to a workspace, rather than the level-based approach used until now. #184

awesome-terraform-enterprise

I found this useful, but my team is also going through a migration to Terraform Enterprise right now. Could be useful for you if you use either TFE or TFC.