Infrastructure as Code & Terraform Introduction

1. What is Infrastructure as Code?

Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure through machine-readable configuration files instead of manual processes, interactive UIs, or one-off scripts. Infrastructure is treated with the same discipline as application code — version controlled, reviewed, tested, and deployed through automated pipelines.

2. Why IaC? The Core Benefits

3. Declarative vs Procedural IaC

This is one of the most important conceptual distinctions for the exam:

4. Terraform Overview

Terraform was created by HashiCorp in 2014. It is:

• Open-source under the Business Source License (BSL 1.1) since August 2023 (was MPL 2.0)
• OpenTofu is the open-source fork maintaining MPL 2.0 licensing
• Written in Go; configuration written in HCL (HashiCorp Configuration Language)
• Provider-agnostic — one tool for AWS, Azure, GCP, Kubernetes, GitHub, Datadog, and 3,000+ others
• Currently the industry-standard IaC tool for multi-cloud infrastructure

5. Terraform Architecture

Terraform Core

• Reads and parses .tf configuration files
• Builds a dependency graph of resources (determines creation order)
• Compares desired state (config) against current state (state file)
• Produces an execution plan — shows exactly what will be created, changed, or destroyed
• Communicates with providers via RPC (Remote Procedure Call) over a plugin protocol

Providers

• Standalone Go binaries downloaded during terraform init
• Each provider implements a set of resource types and data sources
• Translate Terraform resource declarations into real API calls
• Versioned independently from Terraform core
• Examples: hashicorp/aws, hashicorp/azurerm, hashicorp/google, hashicorp/kubernetes

State

• A JSON file (terraform.tfstate) mapping configuration resources to real-world resource IDs
• Enables Terraform to know what already exists vs what to create/update/destroy
• Stores metadata, resource dependencies, and provider information
• Should be stored remotely (S3, Azure Blob, GCS, Terraform Cloud) for team usage

Registry

• registry.terraform.io — public hub for providers and reusable modules
• Providers: search by cloud provider, filter by tier (official, partner, community)
• Modules: pre-built, composable infrastructure patterns (e.g., "VPC module", "EKS cluster module")

6. Key Terraform Building Blocks

1# Provider — tells Terraform which platform to use
2terraform {
3  required_providers {
4    aws = {
5      source  = "hashicorp/aws"
6      version = "~> 5.0"
7    }
8  }
9}
10
11provider "aws" {
12  region = "us-east-1"
13}
14
15# Resource — a single piece of infrastructure to manage
16resource "aws_instance" "web" {
17  ami           = "ami-0c55b159cbfafe1f0"
18  instance_type = "t3.micro"
19
20  tags = {
21    Name = "web-server"
22  }
23}
24
25# Data Source — read existing infrastructure (not managed by this config)
26data "aws_vpc" "default" {
27  default = true
28}
29
30# Output — expose values after apply
31output "instance_public_ip" {
32  value = aws_instance.web.public_ip
33}
34
35# Variable — parameterize the configuration
36variable "instance_type" {
37  type    = string
38  default = "t3.micro"
39}
40
41# Local — intermediate computed values
42locals {
43  name_prefix = "prod-web"
44}
45
46# Module — reuse a collection of resources
47module "vpc" {
48  source  = "terraform-aws-modules/vpc/aws"
49  version = "~> 5.0"
50  name    = "my-vpc"
51  cidr    = "10.0.0.0/16"
52}

7. Terraform vs Other IaC Tools

Key differentiators of Terraform:

• Execution plans — preview changes before applying (no other tool shows this as clearly)
• State management — tracks what it manages so it can detect drift
• Provider ecosystem — 3,000+ providers covering virtually every platform
• Module reusability — share and reuse patterns via the public Registry

8. Terraform Editions

9. The Terraform Workflow at a Glance

10. Quick Reference