Originally published on LinkedIn on 2022-02-14.

These days I am learning to build infrastructure in GCP. Over the past years I have worked with Terraform, so I already had some experience with it. But I had not used terraform_remote_state as a data source before.

A friend showed me how to use it, and it completely changed my way of writing Terraform plans. The structure of my plans also changed with this knowledge.

BUT be careful: there are important things to know, and it has some security drawbacks. Really read the docs before you start using it!

“Sharing data with root module outputs is convenient, but it has drawbacks. Although terraform_remote_state only exposes output values, its user must have access to the entire state snapshot, which often includes some sensitive information.” source

Be careful with remote state files in object storage, because it takes just a small configuration issue for sensitive data to go public…

This knowledge was a game changer. In the past I used input and output variables a lot together with modules. I was also used to writing Terraform modules which configure services by triggering Chef or Ansible. With the focus of deployments on GKE I was wondering about the need for any configuration management. By using Kubernetes as a managed service there was no need for having configuration management in the stack. Just writing manifests and having a deployment pipeline is another goal.

In the past I was used to structuring my Terraform plans by application and environment. Inside an application plan I had the database, application server, Redis and so on. Sure, it also configured all the stuff, because Ansible was triggered as well. And it had its ups and downs.

Back to Terraform. With these preconditions I wrote plans and defined data sources with terraform_remote_state to use in resources. This way I can use the state of another plan. Somehow this makes sense to me.

I learned to structure Terraform plans in a different way. One plan for the project declaration, another one for databases, the next one for Kubernetes. With terraform_remote_state it is possible to retrieve output values of another state and use them inside different plans as a data source. This way the database plans can access values of the projects plan's remote state. All database instances are inside a Cloud SQL Terraform configuration, all GKE base infrastructure is in the GKE plan, and both access the projects plan's state via terraform_remote_state as a data source.
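A sketch of that layout together with a locked-down state bucket, as an added example that is not taken from my real plans: the three sections live in separate directories, and every bucket, project and instance name is a constructed placeholder.

```hcl
# --- bootstrap/main.tf: the state bucket (all names are constructed placeholders) ---
resource "google_storage_bucket" "tf_state" {
  project                     = "example-bootstrap" # assumed project ID
  name                        = "example-tf-state"
  location                    = "EU"
  uniform_bucket_level_access = true       # IAM only, no per-object ACLs
  public_access_prevention    = "enforced" # rejects allUsers / allAuthenticatedUsers grants

  versioning {
    enabled = true
  }
}

# --- projects/main.tf: owns the project and publishes its ID as an output ---
terraform {
  backend "gcs" {
    bucket = "example-tf-state"
    prefix = "projects"
  }
}

resource "google_project" "app" {
  name       = "example-app"
  project_id = "example-app-123456"
}

output "project_id" {
  value = google_project.app.project_id
}

# --- databases/main.tf: reads the projects state as a data source ---
# Whoever applies this plan needs read access to the whole "projects" state
# snapshot, not only to the outputs that are referenced here.
data "terraform_remote_state" "projects" {
  backend = "gcs"
  config = {
    bucket = "example-tf-state"
    prefix = "projects"
  }
}

resource "google_sql_database_instance" "main" {
  project          = data.terraform_remote_state.projects.outputs.project_id
  name             = "example-db"
  region           = "europe-west1"
  database_version = "POSTGRES_14"
  settings {
    tier = "db-f1-micro"
  }
}
```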

There are several ways to structure Terraform projects; each one has its advantages and disadvantages.

If you have some experiences or other interesting tutorials, it would be really nice if you could share them in a comment.