CabbageLayer

Terraform Introduction: Part 1

Building, purchasing, and scaling out hundreds of physical computers can break the bank and is inefficient to manage. This is similar to baking dozens of loaves of sourdough bread for friends, family, and the townsfolk. Let's streamline the building process and make it more efficient: let's talk Terraform.

Cabbage Layer | Terraform | 5 min read

Introduction

Before the times of Wonderbread, factories, and mass production, bakers had to bake and slice their bread manually before selling it at the market. This was inefficient and difficult to scale because the head baker had to teach dozens of junior bakers the instructions, recipe, and the secret ingredient to making their special bread.

Fast forward to today, but instead of talking about bread, we talk about technology. For today's example, techies will be the lead baker, virtual machines will be the industrial machines replacing manual bakers, and the factory being used is Terraform. Techies would rather deploy a bunch of virtual machines because it would be inefficient and expensive to send out a new computer every time a service is needed.

Getting Started

Let's translate a few Terraform concepts into our bakery metaphor:

  • Terraform – This is the factory producing your bread.
  • Cloud Provider – The grocery store. In today's example, we'll use Microsoft Azure.
  • Version – New changes happen often, just like new inventory at the grocery store.

Note: We will not be focusing on specific name details such as "HashiCorp" but instead on the general function of Terraform.

A configuration might include something like # Configuration Options. The {} is where we add the ingredients, which keeps them organized. Within it, the features block can be used to define optional settings: helpful, but not required to start baking.

Recipe Structure

The directory structure for Terraform can look a little scary at first, but it's just a well-organized kitchen. Let's simplify the layout:

├── modules/ = Sous chef: 2nd in command, knows a set of recipes, redeployable anywhere.
│   ├── vpc/ = # of possible employees: Can be assigned public (front of house) or private (back of house).
│   │   ├── main.tf = Kitchen: Default location that defines, provisions, and manages resources.
│   │   ├── variables.tf = Cookware: Your pots, pans, ovens, etc.; defines what the recipe can expect.
│   │   ├── outputs.tf = Name of the Dish: What your sous chef has named the end product and its purpose (IP address, date, name, etc.).
│   │   ├── locals.tf = Aromatics: Temporary, reusable ingredients you can use many times throughout your recipe. Reduces repetition, stores complex calculations, stateful.
│   │   ├── versions.tf = Recipe Version: The recipe can change over time, so update as needed.
│   │   └── README.md = Notes From the Chef: Project-related notes.

Each file plays a role in keeping your kitchen efficient and reusable. Instead of rebuilding the kitchen from scratch every time, you lean on modules and well-labeled ingredients to keep things consistent.

Secret Recipe

When creating your special bread that has been passed down for generations, you would never reveal the secret ingredient that makes it delicious. Family secrets should not be visible in the configuration of your industrial machines either.

In Terraform projects, that secret belongs in an .env.local file, where it's kept safely in your personal environment. With this secret, you can authenticate to your machines and prove you're the lead baker—because only you know the special recipe. Once you tell the machine the secret, production can begin.

Shopping List Requirements

Before you open the bakery, you need to make sure the right people have the right access in the cloud grocery store.

  • App Registrations – These are the line cooks that are trusted by the sous chef and are permitted to commit changes, have access, and perform duties in Azure (the grocery store). The trust is unidirectional: your app trusts the Microsoft identity platform, not the other way around.
  • Role Assignments – Each line cook should have only their assigned duties and nothing more. They should not overstep their permissions, just like a baker shouldn't run the cash register without approval.
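
The Secret Recipe and Shopping List sections as one Terraform file, added here as an example (it is not code from the original post): the provider block carries no credentials, and the line cook gets a single role on a single resource group. The resource group name bakery-rg, the variable line_cook_object_id, and the version constraint are assumptions made for illustration.

```hcl
# Added example. bakery-rg, line_cook_object_id and the version
# constraint are hypothetical values chosen for illustration.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0" # assumed constraint; pin to what you have tested
    }
  }
}

# Weak: the secret ingredient is written into the recipe, so it lands in
# version control and in every copy of the repository.
# provider "azurerm" {
#   features {}
#   client_id     = "00000000-0000-0000-0000-000000000000" # constructed
#   client_secret = "constructed-placeholder-secret"       # constructed
# }

# Better: no credentials in the file. The azurerm provider reads
# ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID
# from the environment of the shell that runs Terraform.
provider "azurerm" {
  features {} # left empty here: every setting inside it is optional
}

# The line cook: the service principal behind the app registration.
variable "line_cook_object_id" {
  description = "Object ID of the app registration's service principal"
  type        = string
}

# The one kitchen this line cook is allowed to work in.
data "azurerm_resource_group" "bakery" {
  name = "bakery-rg"
}

# Least privilege: one built-in role, scoped to one resource group
# instead of the whole subscription.
resource "azurerm_role_assignment" "line_cook" {
  scope                = data.azurerm_resource_group.bakery.id
  role_definition_name = "Reader"
  principal_id         = var.line_cook_object_id
}
```

Keep .env.local out of version control (list it in .gitignore) and export its values into the shell that runs terraform plan and terraform apply.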

Conclusion

This is part 1 of the Terraform series. We've set up the kitchen, met the staff, and walked through the structure of our recipes. In part 2, we'll continue by working on how to label the structures appropriately so your Terraform factory stays organized and scalable.

Let's cook soon!