developer.hashicorp.com
The flexibility of Terraform's configuration language gives you many options to choose from as you write your code, structure your directories, and test your configuration. While some design decisions depend on your organization's needs or preferences, there are some common patterns that we suggest you adopt. Adopting and adhering to a style guide keeps your Terraform code legible, scalable, and m
When we introduce module blocks, our configuration becomes hierarchical rather than flat: each module contains its own set of resources, and possibly its own child modules, which can potentially create a deep, complex tree of resource configurations. However, in most cases we strongly recommend keeping the module tree flat, with only one level of child modules, and use a technique similar to the a
Note: Explicit refactoring declarations with moved blocks are available in Terraform v1.1 and later. For earlier Terraform versions or for refactoring actions too complex to express as moved blocks, you can use the terraform state mv CLI command as a separate step. In shared modules and long-lived configurations, you may eventually outgrow your initial module structure and resource names. For examp
AWS AssumeRole allows you to grant temporary credentials with additional privileges to users as needed, following the principle of least privilege. To configure AssumeRole access, you must define an IAM role that specifies the privileges that it grants and which entities can assume it. AssumeRole can grant access within or across AWS accounts. If you are administering multiple AWS accounts, you ca
Cloud Development Kit for Terraform (CDKTF) allows you to use familiar programming languages to define and provision infrastructure. This gives you access to the entire Terraform ecosystem without learning HashiCorp Configuration Language (HCL) and lets you leverage the power of your existing toolchain for testing, dependency management, etc. We support TypeScript, Python, Java, C#, and Go. How do
Terraform modules are self-contained pieces of infrastructure-as-code that abstract the underlying complexity of infrastructure deployments. They speed adoption and lower the barrier of entry for Terraform end users who consume pre-built configuration. As a result, they should use coding best practices such as clear organization and the DRY ("Don't Repeat Yourself") principle wherever possible. Th
The Cloud Development Kit for Terraform (CDKTF) generates JSON Terraform configuration from code in C#, Python, TypeScript, Java, or Go, and creates infrastructure using Terraform. With CDKTF, you can use hundreds of providers and thousands of module definitions provided by HashiCorp and the Terraform community. By using your programming language of choice, you can take advantage of the features a
Terraform manages infrastructure on cloud computing providers such as AWS, Azure, and GCP. But, it can also manage resources in hundreds of other services, including the music service Spotify. In this tutorial, you will use a Terraform data source to search Spotify for an artist, album, or song, and use that data to build a playlist. Prerequisites: To complete this tutorial, you will need: Terraform
GitHub Actions add continuous integration to GitHub repositories to automate your software builds, tests, and deployments. Automating Terraform with CI/CD enforces configuration best practices, promotes collaboration, and automates the Terraform workflow. HashiCorp provides GitHub Actions that integrate with the HCP Terraform API. These actions let you create your own custom CI/CD workflows to mee
Validated Patterns: Field-tested patterns for using HashiCorp products
Terraform providers manage resources by communicating between Terraform and target APIs. Whenever the target APIs change or add functionality, provider maintainers may update and version the provider. When multiple users or automation tools run the same Terraform configuration, they should all use the same versions of their required providers. There are two ways for you to manage provider versions
Infrastructure Automation Certifications: HashiCorp’s Infrastructure Automation certification program has two levels: Work up to the advanced Terraform Authoring and Operations Professional Certification by starting with the foundational Terraform Associate certification. The Associate certification validates your knowledge of basic concepts and skills associated with Terraform. Then, continue your
Serverless computing is a cloud computing model in which a cloud provider allocates compute resources on demand. This contrasts with traditional cloud computing where the user is responsible for directly managing virtual servers. Most serverless applications use Functions as a Service (FaaS) to provide application logic, along with specialized services for additional capabilities such as routing H
Outside of development mode, Vault servers are configured using a file. The format of this file is HCL or JSON. Enabling the file permissions check via the environment variable VAULT_ENABLE_FILE_PERMISSIONS_CHECK allows Vault to check if the config directory and files are owned by the user running Vault. It also checks if there are no write or execute permissions for group or others. Vault allows
Nearly all requests to Vault must be accompanied by an authentication token. This includes all API requests, as well as via the Vault CLI and other libraries. If you can securely get the first secret from an originator to a consumer, all subsequent secrets transmitted between this originator and consumer can be authenticated with the trust established by the successful distribution and user of tha
Terraform Plugin SDKv2 is a way to maintain Terraform Plugins on protocol version 5. We recommend using the framework to develop new provider functionality because it offers significant advantages as compared to the SDKv2. We also recommend migrating existing providers to the framework when possible. Refer to Plugin Framework Benefits for higher level details about how the framework makes provider
AWS's Elastic Kubernetes Service (EKS) is a managed service that lets you deploy, manage, and scale containerized applications on Kubernetes. In this tutorial, you will deploy an EKS cluster using Terraform. Then, you will configure kubectl using Terraform output and verify that your cluster is ready to use. Why deploy with Terraform? While you could use the built-in AWS provisioning processes (UI,
In the previous tutorial, you deployed Consul client agents and registered services to your Consul catalog. In this tutorial, you will connect workloads using Consul service mesh to enable secure service-to-service communication. A service mesh also allows you to leverage Consul's full suite of features. To create your service mesh, you will edit the service definitions on your Consul clients, lau
Each HCP Terraform workspace is associated with a particular Terraform configuration, which is expected to change and evolve over time. Since every organization has its own preferred source code control practices, HCP Terraform does not provide integrated version management. Instead, it expects Terraform configurations to be managed in your existing version control system (VCS). In order to perfor
Terraform v0.12 is a major release focused on configuration language improvements and thus includes some changes that you'll need to consider when upgrading. The goal of this guide is to cover the most common upgrade concerns and issues. For most users, upgrading configuration should be completely automatic. Some simple configurations will require no changes at all, and most other configurations c
This guide describes recommended best practices for infrastructure architects and operators to follow when deploying Vault using the Integrated Storage (Raft) storage backend in a production environment. This guide includes general guidance as well as specific recommendations for popular cloud infrastructure platforms. These recommendations have also been encoded into official Terraform modules fo
Note: This engine can use external X.509 certificates as part of TLS or signature validation. Verifying signatures against X.509 certificates that use SHA-1 is deprecated and is no longer usable without a workaround starting in Vault 1.12. Refer to the deprecation notices for more information. The PKI secrets engine generates dynamic X.509 certificates. With this secrets engine, services can get ce
This guide is meant for enterprise users looking to advance their Terraform usage from a few individuals to a full organization. For Terraform code style recommended practices, refer to the Terraform style guide. Introduction: HashiCorp specializes in helping IT organizations adopt cloud technologies. Based on what we've seen work well, we believe the best approach to provisioning is collaborative i
Policy as code is the idea of writing code in a high-level language to manage and automate policies. By representing policies as code in text files, proven software development best practices can be adopted such as version control, automated testing, and automated deployment. Many existing policy or ACL systems do not practice policy as code. Many policies are set by clicking in a GUI, which isn't
Each Terraform configuration has an associated backend that defines how Terraform executes operations and where Terraform stores persistent data, like state. The persistent data stored in the backend belongs to a workspace. The backend initially has only one workspace containing one Terraform state associated with that configuration. Some backends support multiple named workspaces, allowing multip
Tip: Before following the recommendations in this guide to build your own infrastructure pipelines from scratch, consider whether HCP Terraform's built in version control integration, run triggers, and other features meet your needs while automatically implementing best practices. For teams that use Terraform as a key part of a change management and deployment pipeline, it can be desirable to orche