Conf42 DevSecOps 2024 - Online

- premiere 5PM GMT

Code your Cloud: Infrastructure as Code Best Practices with Terraform


Abstract

In “Code your Cloud: Infrastructure as Code Best Practices with Terraform,” we will explore the transformative power of managing cloud infrastructure through code. We’ll delve into the key principles of Infrastructure as Code (IaC), focusing on how Terraform enables scalability and reliability.


Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello everyone. Thank you for joining. Today we're going to talk about Code your Cloud: Infrastructure as Code best practices with Terraform. My name is Madhu Kumar Yeluri. In this presentation, we will discuss how Terraform as an Infrastructure as Code tool helps manage your cloud resources effectively. We will cover some best practices for creating scalable, secure and maintainable cloud infrastructure. That's my company I use for consulting projects with various customers, Fortune Technologies Limited. A little bit more about me. I'm a principal cloud architect and DevSecOps consultant, helping many customers migrate to the cloud and helping them with DevOps processes, architecture designs, end-to-end automation, security, et cetera. I'm also an AWS Hero and lead many global dev communities like AWS User Group, HashiCorp, DevSecCon, Snyk, and DevOps Institute PeopleCert as a chapter leader and brand ambassador. If you want to learn more about me, please scan the QR code and connect with me on LinkedIn.

Infrastructure as Code is a powerful way to manage cloud resources by writing code rather than manually configuring each resource, like going to the console, clicking, and just creating the resources. And that's not a good way. IaC provides consistency, allows you to version control your changes, and makes it much easier to scale your infrastructure. So today we'll focus on how using infrastructure as code, specifically with Terraform, can enhance your cloud deployments. So let's begin by defining IaC. So infrastructure as code means describing your cloud infrastructure using code, like we learned in the previous slide. This approach enables consistency in configurations, allows us to track your changes, and makes deployments repeatable. By coding infrastructure, we can avoid errors, reduce manual configuration, and deploy much faster. So why Terraform?

So first, Terraform is provider agnostic, meaning it can work across multiple cloud platforms like AWS, Azure, GCP, multiple hyperscalers. It doesn't mean that you use the same code in every hyperscaler. It means that you have to create separate modules for each of them. But it's possible to create for, yeah, various hyperscalers. It uses a declarative language called HCL, HashiCorp Configuration Language, where you define the desired end state rather than the exact steps. Terraform also has a strong community and ecosystem with reusable modules, making it more ideal for infrastructure as code. So in this session, I'll try to cover some best practices for Terraform, including organizing code, modules for reusability, how you manage your state files, handling environments, implementing security, testing and automating deployments, on a very high level. So these practices are essential for creating an efficient and scalable and secure environment.

Organizing code structure. To keep Terraform code organized, it's important to structure it by a service or a component, like you see on the right hand side of the picture, such as network layer, database layer, application layers. So use a consistent file naming convention as well, like main.tf for main configurations, variable.tf for input variables, and output.tf for outputs. A clean structure makes it easier for the teams to find and manage specific configurations.

Modules for reusability. So modules are key to writing reusable code in Terraform. By using modules, you can create reusable standalone pieces of code for common infrastructure patterns like a landing zone, SHL, like VPC, virtual private cloud. It's best to design modules with clear inputs and outputs and to keep them focused on a single purpose for better maintainability.

State management. Terraform state files track every single thing you create on your cloud and track the current state of your infrastructure. To avoid conflicts and enable team collaboration, store state files remotely, such as in an Amazon S3 bucket, and use a database like DynamoDB for state locking. Securing and versioning your state file is very critical to prevent sensitive data leaks.

Environment segmentation. When working with multiple environments like dev, staging, production, it's important to isolate each environment using Terraform workspaces or directories. It's more of common sense. The isolation, like you see on the right hand side of the picture, it makes more sense for you to isolate your dev environment because that's where you play around; it's more like a sandbox. Yeah, you can do anything you want, and production is more like, you don't want to touch it. It's live, it impacts the customer, it causes a huge impact. So it makes sense to isolate these to ensure that changes from one environment won't impact others and make deployments more predictable and manageable.

Some of the security practices. Security is very ground zero in cloud and crucially in infrastructure as code. Avoid hard coding secrets. Instead, use secret management tools like AWS Secrets Manager, Parameter Store, or HashiCorp Vault. Grant the least privilege access necessary to developers, and enable auditing to track those changes. This approach basically safeguards sensitive data and keeps your infrastructure more secure. The most common security pathway, like I've seen, is more like this, yeah, secrets, API keys. So they're basically hard coded in some of the things, which is not a good habit. So I would definitely recommend putting them in a Parameter Store or HashiCorp Vault.

Automation and testing. So automation is essential for consistent infrastructure deployment. By integrating Terraform into your CI/CD pipelines, whether you use GitLab or Jenkins or CodePipeline on AWS, you can automate testing and validation and deployment of your infrastructure in your pipelines. Use tools like Terratest or Checkov for testing to ensure configurations are secure and correct.

Managing drift. Like I mentioned in the past, the most common thing I've noticed is the manual changes that are made outside Terraform. Some developers go on a console, just click, change some things to fix something, to develop some things. That, in the long run, creates a drift, and it's painful to track those changes as well. So regularly run terraform plan to detect these changes and consider adding automated drift checks in your DevOps pipeline. Detecting this drift early in the stages helps you to keep your infrastructure more consistent and avoid nasty surprises.

Let's look at an example workflow: deploying a landing zone example, an AWS VPC with multiple subnets. By following best practices, like reusing modules for VPC, storing the state file remotely, using CI/CD automation, you can create a scalable and maintainable and consistent cloud environment. So this is very useful when you also have multiple accounts, multiple environments. So this code basically is just one click, but you change your input parameters to create multiple environments. So it's very useful. Sorry.

Common challenges. The most common challenges in the infrastructures I've noticed personally are like state conflicts. Sometimes the state file might get corrupted, or sometimes they go and mess around with the console and it creates a drift, and yeah, changes like that, and also sensitive data, where they keep some passwords in your Terraform code, which is not good. So solutions include using Terraform workspaces, like we discussed earlier, and isolating your environments, managing your state file securely outside in an S3 bucket and all secure there. Integrating your CI/CD pipeline for automated testing, we discussed about that. So by addressing these challenges, you can also deploy infrastructure more securely and reliably.

Additional tools I would suggest to improve your Terraform workflow. Terraform Cloud or Enterprise provide better collaborative features and policy management. It's a paid version, but it's definitely worth it for large enterprises especially. Or you can use Terragrunt, which can simplify your workflows for larger teams. Finally, explore some community resources such as the Terraform Registry or GitHub repositories for ready-made modules and examples, but don't just blindly copy them and directly use them in your production. Just make sure you do a sense check, check that sensitive information is not there, and customize it for your requirements.

Just to summarize, remember the key best practices for Terraform: structure code consistently, use modules, prioritize security. Security is ground zero, so definitely prioritize security. Automate with CI/CD pipelines. So follow these best practices; it will help you to create scalable, secure, and more maintainable infrastructure with Terraform. So if you're interested in HashiCorp tools or in the process of taking any HashiCorp exams, feel free to join my HashiCorp user group to learn more about HashiCorp tools and win free HashiCorp Terraform, Vault, Consul exam vouchers by attending one of our meetup events. With that I would say thank you for attending. Let's open the floor for any questions or specific challenges you might face. And thanks Mark and his brother for bringing communities together like this. Conf42 team, you guys are doing a great job. Thanks for giving me the opportunity.
...
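As an added example (not code from the talk or the speaker's slides), one root configuration that applies several of the practices discussed above in a single place: remote state in S3 with encryption and DynamoDB locking, one reusable VPC module driven by per-workspace inputs, and a database password read from Secrets Manager at apply time instead of being hard coded. The bucket, lock table, module path, module output and secret name are placeholders.

```hcl
terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
  # Remote state: encrypted at rest, in a bucket with versioning enabled, with a
  # DynamoDB table (hash key "LockID") for locking so two pipeline runs cannot
  # write the state at the same time. Each workspace gets its own state object
  # under the env:/<workspace>/ prefix automatically. Names are placeholders.
  backend "s3" {
    bucket         = "example-org-tfstate"
    key            = "landing-zone/terraform.tfstate"
    region         = "eu-west-1"
    encrypt        = true
    dynamodb_table = "example-org-tfstate-lock"
  }
}

provider "aws" {
  region = var.region
}

variable "region"         { type = string }
variable "vpc_cidr"       { type = string }
variable "azs"            { type = list(string) }
variable "db_secret_name" { type = string }

# One reusable VPC module; dev/staging/prod differ only in their inputs
# (passed via per-workspace .tfvars files), not in the code.
module "vpc" {
  source = "./modules/vpc" # hypothetical local module
  name   = "${terraform.workspace}-vpc"
  cidr   = var.vpc_cidr
  azs    = var.azs
}

# What not to do: password = "Sup3rSecret!" in the .tf file (and in git history).
# Instead, read the credential from Secrets Manager when the plan runs. The value
# still lands in the state file, which is why the backend above is encrypted.
data "aws_secretsmanager_secret_version" "db" {
  secret_id = var.db_secret_name # e.g. "prod/app/db" (placeholder)
}

resource "aws_db_instance" "app" {
  identifier           = "${terraform.workspace}-app-db"
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "app"
  password             = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)["password"]
  db_subnet_group_name = module.vpc.db_subnet_group_name # assumed module output
  skip_final_snapshot  = true
}
```

For the automated drift check the talk recommends, run `terraform plan -detailed-exitcode` in the pipeline after selecting the workspace: exit code 2 means the plan found changes between code and live infrastructure, 0 means none, 1 means an error.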

Madhu Kumar Yeluri

Director @ Fortune Technologies
