Upgrade to Pro — share decks privately, control downloads, hide ads and more …

HashiCorp Terraform for Network Infrastructure ...

Rosemary Wang
April 25, 2023
Technology
0
110

HashiCorp Terraform for Network Infrastructure as Code

Presented at Networking Field Day 31.

Rosemary Wang

April 25, 2023
Tweet

More Decks by Rosemary Wang

See All by Rosemary Wang
Build for massive scale & security with the HashiCorp Cloud Platform
joatmon08
0
15
People, process, and technology for ILM and SLM adoption
joatmon08
0
7
Secure Day 2 operations with Boundary and Vault
joatmon08
0
29
Can You Test Your Infrastructure as Code?
joatmon08
1
63
Multi-Account, Multi-Region, Multi-Runtime
joatmon08
1
34
Building a multi-account, multi-runtime service-oriented architecture
joatmon08
0
44
Choose Your Own Abstraction: Iterating on Developer Experience
joatmon08
0
47
Break Glass, Repair Fast, Reconcile Automation
joatmon08
2
42
Building a Developer Platform? Ask these questions.
joatmon08
0
43

Other Decks in Technology

See All in Technology
オブザーバビリティの観点でみるAWS / AWS from observability perspective
ymotongpoo
8
1.5k
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
7
1.8k
『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会
meltingrabbit
0
140
プロダクトエンジニア構想を立ち上げ、プロダクト志向な組織への成長を続けている話 / grow into a product-oriented organization
hiro_torii
1
170
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
17
6.7k
インフラをつくるとはどういうことなのか、 あるいはPlatform Engineeringについて
nwiizo
5
2.6k
君も受託系GISエンジニアにならないか
sudataka
2
430
ユーザーストーリーマッピングから始めるアジャイルチームと並走するQA / Starting QA with User Story Mapping
katawara
0
200
TAMとre:Capセキュリティ編 〜拡張脅威検出デモを添えて〜
fujiihda
2
240
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
13
3.3k
急成長する企業で作った、エンジニアが輝ける制度/ 20250214 Rinto Ikenoue
shift_evolve
3
1.3k

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Building an army of robots
kneath
303
45k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Being A Developer After 40
akosma
89
590k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Navigating Team Friction
lara
183
15k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Making Projects Easy
brettharned
116
6k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Fireside Chat
paigeccino
34
3.2k
Site-Speed That Sticks
csswizardry
4
380

Transcript

  1. © 2023 HASHICORP 1 HashiCorp Terraform for Network Infrastructure as

    Code Rosemary Wang Developer Advocate at HashiCorp @joatmon08

  2. © 2023 HASHICORP 2 Write network infrastructure as code Share

    it with your team and organization. Run it in production. Research Adopt Standardize Scale The Infrastructure as Code Journey @joatmon08

  3. © 2023 HASHICORP Declarative Define what resources should be. 3

    Maintain Code & State Use as source of truth. Inject Dependencies Decouple resources to mitigate impact. Practices @joatmon08

  4. © 2023 HASHICORP Declarative Define what resources should be. 4

    Maintain Code & State Use as source of truth. Inject Dependencies Decouple resources to mitigate impact. Practices @joatmon08

  5. © 2023 HASHICORP 5 Declarative Define expected state of infrastructure

    in configuration files that you can version, reuse, and share. locals { annotation = "orchestrator:terraform" } resource "aci_tenant" "dev" { description = "This tenant is created by Terraform" name = "${var.prefix}_tenant" annotation = local.annotation } resource "aci_application_profile" "dev" { tenant_dn = aci_tenant.dev.id name = "${var.prefix}_ap" annotation = local.annotation } resource "aci_vrf" "dev" { tenant_dn = aci_tenant.dev.id name = "${var.prefix}_vrf" annotation = local.annotation } @joatmon08

  6. © 2023 HASHICORP @joatmon08

  7. © 2023 HASHICORP 7 registry.terraform.io/browse/providers?category=networking Terraform Providers for Networking @joatmon08

  8. © 2023 HASHICORP Declarative Define what resources should be. 8

    Maintain Code & State Use as source of truth. Inject Dependencies Decouple resources to mitigate impact. Practices @joatmon08

  9. © 2023 HASHICORP 9 Manage Code & State Establish a

    source of truth with configuration and state. terraform { cloud { organization = "hashicorp-team-da-beta" workspaces { tags = ["datacenter", "networking", "source:cli"] } } } resource "aci_tenant" "dev" { description = "This tenant is created by Terraform" name = "${var.prefix}_tenant" annotation = local.annotation } @joatmon08

  10. © 2023 HASHICORP @joatmon08

  11. © 2023 HASHICORP @joatmon08

  12. © 2023 HASHICORP @joatmon08

  13. © 2023 HASHICORP Declarative Define what resources should be. 13

    Maintain Code & State Use as source of truth. Inject Dependencies Decouple resources to mitigate impact. Practices @joatmon08

  14. © 2023 HASHICORP 14 Inject Dependencies Retrieve metadata from an

    abstraction to change downstream dependencies independently. data "aws_availability_zones" "available" { state = "available" filter { name = "group-name" values = [var.region] } } resource "aws_subnet" "public" { count = var.public_subnet_count vpc_id = aws_vpc.nfd.id availability_zone = data.aws_availability_zones.available.names[count .index] // omitted } @joatmon08

  15. © 2023 HASHICORP @joatmon08

  16. © 2023 HASHICORP 16 developer.hashicorp.com/terraform/language Terraform Configuration Language @joatmon08

  17. © 2023 HASHICORP Declarative Define what resources should be. 17

    Maintain Code & State Use as source of truth. Inject Dependencies Decouple resources to mitigate impact. Practices @joatmon08

  18. © 2023 HASHICORP 18 Learn more at developer.hashicorp.com/terraform/tutorials @joatmon08

  19. © 2023 HASHICORP 19 Collaboration Practices for Network Infrastructure as

    Code with HashiCorp Terraform Cloud Rosemary Wang Developer Advocate at HashiCorp @joatmon08

  20. © 2023 HASHICORP 20 Write network infrastructure as code Share

    it with your team and organization. Run it in production. Research Adopt Standardize Scale The Infrastructure as Code Journey @joatmon08

  21. © 2023 HASHICORP Modularize Offer self-service for resources. 21 Test

    Validate system functions as intended. Verify Check secure & compliant configurations and settings. Practices @joatmon08

  22. © 2023 HASHICORP 22 Modularize Group common resources to enable

    self-service of properly configured network infrastructure. locals { annotation = "orchestrator:terraform" } resource "aci_tenant" "dev" { description = "This tenant is created by Terraform" name = "${var.prefix}_tenant" annotation = local.annotation } resource "aci_application_profile" "dev" { tenant_dn = aci_tenant.dev.id name = "${var.prefix}_ap" annotation = local.annotation } resource "aci_vrf" "dev" { tenant_dn = aci_tenant.dev.id name = "${var.prefix}_vrf" annotation = local.annotation } @joatmon08

  23. © 2023 HASHICORP @joatmon08

  24. © 2023 HASHICORP 24 registry.terraform.io/search/modules Modules on Terraform Registry @joatmon08

  25. © 2023 HASHICORP Modularize Offer self-service for resources. 25 Test

    Validate system functions as intended. Verify Check secure & compliant configurations and settings. Practices @joatmon08

  26. © 2023 HASHICORP 26 Test Write different tests to check

    for specific attributes and functionality. // VARIABLE VALIDATION variable "region" { type = string default = "us-east-1" description = "AWS Region" validation { condition = startswith(var.region, "us-") error_message = "Only use AWS regions in US" } } // TEST aws_subnets_have_correct_mask = rule { all aws_subnets as _, aws_subnets { aws_subnets.values.cidr_block contains "/24" } } @joatmon08

  27. © 2023 HASHICORP @joatmon08

  28. © 2023 HASHICORP @joatmon08

  29. © 2023 HASHICORP 29 play.sentinelproject.io/ Sentinel @joatmon08

  30. © 2023 HASHICORP

  31. © 2023 HASHICORP Modularize Offer self-service for resources. 31 Test

    Validate system functions as intended. Verify Check secure & compliant configurations and settings. Practices @joatmon08

  32. © 2023 HASHICORP 32 Verify Use existing policy libraries and

    custom policies to check for compliant and secure infrastructure configuration. // Policies to Run policy "public_access" { query = "data.terraform.policies.public_access.deny" enforcement_level = "mandatory" } // Policy Definition package terraform.policies.public_access import input.plan as tfplan deny[msg] { r := tfplan.resource_changes[_] r.type == "aws_security_group" r.change.after.ingress[_].cidr_blocks[_] == "0.0.0.0/0" msg := sprintf("%v has 0.0.0.0/0 as allowed ingress", [r.address]) } @joatmon08

  33. © 2023 HASHICORP @joatmon08

  34. © 2023 HASHICORP 34 registry.terraform.io/browse/run-tasks Terraform Cloud Run Tasks @joatmon08

  35. © 2023 HASHICORP @joatmon08

  36. © 2023 HASHICORP @joatmon08

  37. © 2023 HASHICORP 37 developer.hashicorp.com/terraform/cloud-docs/policy-enforcement Terraform Cloud Policy Enforcement @joatmon08

  38. © 2023 HASHICORP 38 Learn more at developer.hashicorp.com/terraform/tutorials/cloud -get-started @joatmon08

  39. © 2023 HASHICORP 39 Manage Network Infrastructure as Code Complexity

    with HashiCorp Terraform Cloud Rosemary Wang Developer Advocate at HashiCorp @joatmon08

  40. © 2023 HASHICORP 40 Write network infrastructure as code Share

    it with your team and organization. Run it in production. Research Adopt Standardize Scale The Infrastructure as Code Journey @joatmon08

  41. © 2023 HASHICORP Bridge Use manual interfaces to run infrastructure

    as code. 41 Validate Reconcile source of truth. Change Use immutability to update infrastructure. Practices @joatmon08

  42. © 2023 HASHICORP 42 developer.hashicorp.com/terraform/cloud-docs/integrations/service-now Change Management Systems @joatmon08

  43. © 2023 HASHICORP @joatmon08

  44. © 2023 HASHICORP 44 developer.hashicorp.com/terraform/tutorials/cloud/no-code-provisioning No-Code Provisioning @joatmon08

  45. © 2023 HASHICORP Bridge Use manual interfaces to run infrastructure

    as code. 45 Validate Reconcile source of truth. Change Use immutability to update infrastructure. Practices @joatmon08

  46. © 2023 HASHICORP 46 Validate Reconcile current state to codified

    one in order to reduce errors. data "aws_acm_certificate" "issued" { domain = "tf.example.com" most_recent = true } resource "aws_lb_listener_certificate" "example" { listener_arn = aws_lb_listener.front_end.arn certificate_arn = data.aws_acm_certificate.issued.arn lifecycle { postcondition { condition = data.aws_acm_certificate.issued.status != "EXPIRED" error_message = "The listener certificate has expired." } } } @joatmon08

  47. © 2023 HASHICORP @joatmon08

  48. © 2023 HASHICORP @joatmon08

  49. © 2023 HASHICORP 49 developer.hashicorp.com/terraform/cloud-docs/workspaces/health Health Assessments @joatmon08

  50. © 2023 HASHICORP Bridge Use manual interfaces to run infrastructure

    as code. 50 Validate Reconcile source of truth. Change Use immutability to update infrastructure. Practices @joatmon08

  51. © 2023 HASHICORP @joatmon08

  52. © 2023 HASHICORP @joatmon08

  53. © 2023 HASHICORP @joatmon08

  54. © 2023 HASHICORP 54 …even continuously deployed changes @joatmon08

  55. © 2023 HASHICORP @joatmon08

  56. © 2023 HASHICORP @joatmon08

  57. © 2023 HASHICORP 57 developer.hashicorp.com/consul/tutorials/network-infrastructure-automation/co nsul-terraform-sync-intro Consul-Terraform-Sync @joatmon08

  58. © 2023 HASHICORP 58 Learn more at developer.hashicorp.com/terraform/tutorials/cloud @joatmon08