Ideas for better Infrastructure as a Code (IaaC) - Terraform

Learning the syntax of any programming language is easy, but the semantics are not that easy.


Managing tags effectively, with fewer errors, when designing Terraform modules provides a lot of benefits for tracking resources for cost and monitoring.

Thought process

Currently, we can find a huge number of Terraform modules on various version control systems like GitHub, Bitbucket, and others.

As per my understanding, IaaC tools like Terraform provide a lot of benefits in terms of automation, but if not designed properly they create a lot of challenges for monitoring, cost tracking and security. Care must be taken from the beginning; otherwise it is challenging once it goes into production. I tried my best to avoid various anti-patterns when designing any Terraform module.

I have started contributing to avoid these anti-patterns by publishing my Terraform modules on the Terraform Registry. Although these modules are for AWS, the same thought process can be applied to designing modules for other cloud providers.

The main motivation for designing these modules is to make the life of any cloud engineer easy and productive, instead of working on useless tasks like finding resources that are not tagged or removing EC2 instances in the public subnet.

Please refer to the mind map, which mainly highlights common mistakes we make while tagging or naming resources.

Mind map for designing a better Terraform module
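One way to catch untagged or mis-tagged resources before they reach production is to check the plan instead of hunting for them afterwards. The following is an added example, not code from the author's modules: it reads the JSON that `terraform show -json <planfile>` produces and reports taggable resources that lack required tags or use the wrong key case. The tag policy in `REQUIRED_TAGS` and the sample plan are assumptions constructed for illustration.

```python
import json

# Hypothetical tag policy for this example; the page does not define one.
REQUIRED_TAGS = ("Owner", "CostCenter", "Environment")

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"], "after": {
         "tags": {"Owner": "team-a"},
         "tags_all": {"Owner": "team-a", "environment": "prod"}}}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {
         "tags_all": {"Owner": "team-a", "CostCenter": "1234", "Environment": "prod"}}}},
    {"address": "aws_iam_policy_attachment.x", "type": "aws_iam_policy_attachment",
     "change": {"actions": ["create"], "after": {"name": "x"}}},
    {"address": "aws_instance.old", "type": "aws_instance",
     "change": {"actions": ["delete"], "after": None}},
]})


def find_tag_violations(plan_json, required=REQUIRED_TAGS):
    """Return {address: [problems]} for taggable resources the plan creates or updates."""
    violations = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        # Skip deletions (after is null) and resource types without tag attributes.
        if not after or not (after.keys() & {"tags", "tags_all"}):
            continue
        # tags_all includes provider default_tags; fall back to tags if it is absent.
        tags = after.get("tags_all") or after.get("tags") or {}
        lowered = {k.lower(): k for k in tags}
        problems = []
        for key in required:
            if key in tags:
                continue
            if key.lower() in lowered:
                problems.append(f"wrong case: {lowered[key.lower()]!r} should be {key!r}")
            else:
                problems.append(f"missing: {key!r}")
        if problems:
            violations[rc["address"]] = problems
    return violations


if __name__ == "__main__":
    for address, problems in find_tag_violations(SAMPLE_PLAN).items():
        print(address, "->", "; ".join(problems))
```

Run in CI against the real plan JSON, a non-empty result can fail the pipeline so that untagged resources never get applied.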



AWS Certified Solutions Architect Professional Mind Maps

Domain 1: Design for Organizational Complexity 12.5%
Domain 2: Design for New Solutions 31%
Domain 3: Migration Planning 15%
Domain 4: Cost Control 12.5%
Domain 5: Continuous Improvement for Existing Solutions 29%

{Please note it is still in the draft phase. I am planning to add more content to this page in the future.}

  1. Design for New Solutions
    1. Security
      1. DDoS
      2. CloudHSM
      3. AWS Shield
      4. AWS Key Management
      5. VPC Peering
      6. NACL
      7. VPN, Direct Connect
    2. Maintenance
    3. Performance
      1. Elastic Network Interface
      2. Enhanced Networking
      3. Placement Group
    4. Providing more than one benefit
      1. VPC Endpoint (improves security, performance, and cost saving as well)
    5. Miscellaneous
      1. Load Balancer
      2. API Gateway
      3. Kinesis
      4. Route 53
      5. NAT Gateway
      6. RDS
      7. ECS
      8. EFS
      9. SQS
      10. Autoscaling
      11. NoSQL
        1. DynamoDB
  2. Continuous Improvement for Existing systems
    1. Lambda
    2. API Gateway
    3. S3
  3. Design for Organizational Complexity
    1. Maintenance
      1. Logging
        1. CloudWatch Logs
        2. CloudTrail
        3. VPC Flow Logs
        4. AWS Config

