
Intro to HCP Terraform


I'm a results-driven professional skilled in both DevOps and Web Development. Here's a snapshot of what I bring to the table:

💻 DevOps Expertise:

  • AWS Certified Solutions Architect Associate: Proficient in deploying and managing applications in the cloud.
  • Automation Enthusiast: Leveraging Python for task automation, enhancing development workflows.

🔧 Tools & Technologies:

  • Ansible, Terraform, Docker, Prometheus, Kubernetes, Linux, Git, Github Actions, EC2, S3, VPC, R53 and other AWS services.

🌐 Web Development:

  • Proficient in HTML, CSS, JavaScript, React, Redux-toolkit, Node.js, Express.js and Tailwind CSS.
  • Specialized in building high-performance websites with Gatsby.js.

Let's connect to discuss how my DevOps skills and frontend expertise can contribute to your projects or team. Open to collaboration and always eager to learn!

Aside from my work, I've also contributed to open-source projects, like adding a feature for Focalboard Mattermost.

HashiCorp Cloud Platform (HCP) provides a robust suite of tools to help teams collaborate, maintain security, and ensure compliance. In this comprehensive guide, we'll explore HCP Terraform's key features, focusing on Private Registry, Workspaces, and Sentinel Policies.

What is HCP Private Registry?

HCP Private Registry is a centralized repository for storing and sharing private Terraform modules within your organization. It provides a secure, versioned, and controlled environment for managing reusable infrastructure code.

Key Features

  • Version Control: Maintain different versions of modules

  • Access Control: Fine-grained permissions management

  • Module Discovery: Easy search and discovery of internal modules

  • Documentation: Automated documentation generation

  • Security: Private hosting with encryption at rest

Setting Up Private Registry

# Configure the Terraform provider to use private registry
terraform {
  required_providers {
    aws = {
      source  = "app.terraform.io/my-org/aws"
      version = "~> 4.0"
    }
  }
}

# Example of using a private module
module "vpc" {
  source  = "app.terraform.io/my-org/vpc/aws"
  version = "1.0.0"

  vpc_cidr = "10.0.0.0/16"
  environment = "production"
}

Understanding Workspaces

Workspaces in HCP Terraform allow you to manage multiple states for the same infrastructure code, enabling you to maintain different environments or configurations.

Benefits of Workspaces

  1. Environment Separation: Maintain dev, staging, and production environments

  2. State Isolation: Prevent accidental changes across environments

  3. Variable Management: Environment-specific variable sets

  4. Access Control: Role-based access control per workspace

Workspace Configuration

# Create and select a workspace (CLI)
terraform workspace new production

# main.tf: derive the environment from the selected workspace.
# A variable default must be a literal value, so "default = terraform.workspace"
# is invalid; use a local instead.
locals {
  environment = terraform.workspace
}

# aws_instance requires an AMI; supply it per environment
variable "ami" {
  type = string
}

# Conditional resource configuration
resource "aws_instance" "server" {
  ami           = var.ami
  instance_type = local.environment == "production" ? "t3.large" : "t3.micro"
  tags = {
    Environment = local.environment
  }
}
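In HCP Terraform the environment-specific values are normally injected by the workspace (workspace variables or an attached variable set) rather than derived from the workspace name. The following main.tf is an added example, not code from the post: it attaches the configuration to HCP Terraform workspaces by tag and validates the environment value each workspace supplies. The organization name my-org, the tag app:web and the ami variable are assumptions.

```hcl
# main.tf (added example; organization, tag and variable names are assumptions)
terraform {
  cloud {
    organization = "my-org"

    # Any workspace in the org carrying this tag can be chosen with
    # `terraform workspace select <name>`; each workspace keeps its own state.
    workspaces {
      tags = ["app:web"]
    }
  }
}

# Supplied by each workspace's variables or an attached variable set.
# The validation turns a mistyped value such as "prod" into a plan-time error.
variable "environment" {
  type        = string
  description = "Deployment environment: dev, staging or production"

  validation {
    condition     = contains(["dev", "staging", "production"], var.environment)
    error_message = "environment must be one of: dev, staging, production."
  }
}

# AMI ids differ per region/environment, so this is workspace-specific too
variable "ami" {
  type = string
}

locals {
  instance_types = {
    dev        = "t3.micro"
    staging    = "t3.small"
    production = "t3.large"
  }
}

resource "aws_instance" "server" {
  ami           = var.ami
  instance_type = local.instance_types[var.environment]

  tags = {
    Environment = var.environment
    Workspace   = terraform.workspace # name of the selected HCP Terraform workspace
  }
}
```

Because each workspace carries its own environment value and its own state, the same code cannot be applied to production with staging's sizing by accident, and an unknown environment string fails validation instead of silently falling through to a default.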

Introduction to Sentinel Policies

Sentinel is HashiCorp's policy as code framework that enables fine-grained, logic-based policy decisions that can be enforced across all HashiCorp enterprise products.

Types of Policies

  1. Mandatory Policies: Must pass for Terraform to proceed

  2. Advisory Policies: Generate warnings but don't block execution

  3. Soft-Mandatory Policies: Can be overridden by authorized users

Example Sentinel Policy

# sentinel.hcl: attach the policy and set its enforcement level
policy "allowed-instance-types" {
  source            = "./allowed-instance-types.sentinel"
  enforcement_level = "hard-mandatory"
}

# allowed-instance-types.sentinel: the policy logic (tfplan/v2 import)
import "tfplan/v2" as tfplan

allowed_types = ["t3.micro", "t3.small", "t3.medium"]

# Managed aws_instance resources being created or updated by this plan
instances = filter tfplan.resource_changes as _, rc {
  rc.type is "aws_instance" and rc.mode is "managed" and
  (rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Every such instance must use one of the allowed types
main = rule {
  all instances as _, inst {
    inst.change.after.instance_type in allowed_types
  }
}

Implementing Cost Controls

# sentinel.hcl: soft-mandatory, so an authorized user can override a failure
policy "restrict-cost-by-workspace" {
  source            = "./restrict-cost-by-workspace.sentinel"
  enforcement_level = "soft-mandatory"
}

# restrict-cost-by-workspace.sentinel
import "tfrun"
import "decimal"

# Monthly cost ceilings per workspace (example values); others get the default
workspace_cost_limits = {
  "production": 5000,
  "staging":    1000,
}
limit = workspace_cost_limits[tfrun.workspace.name] else 1000

# Cost estimate figures arrive as strings, so compare them as decimals.
# Runs without a cost estimate (feature disabled) are not blocked.
main = rule when tfrun.cost_estimate is not null {
  decimal.new(tfrun.cost_estimate.delta_monthly_cost).less_than(limit)
}

Private Registry Best Practices

  1. Version Constraints: Use specific version constraints for modules

  2. Documentation: Maintain comprehensive README files

  3. Testing: Implement automated testing for modules

  4. Tagging: Use semantic versioning for module releases
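The version-constraint and testing items above can be made concrete with Terraform's native test framework (terraform test, Terraform 1.6 and later). The following is an added example, not code from the post or from the vpc module it references: it assumes a module whose root declares variable "vpc_cidr", creates a resource named aws_vpc.this and tags it from var.environment. It adds an input validation on the module side and a tests/vpc.tftest.hcl that checks both the accepted and the rejected input.

```hcl
# variables.tf (module side, assumed): accept only valid RFC 1918 CIDRs
variable "vpc_cidr" {
  type        = string
  description = "Private CIDR block for the VPC"

  validation {
    condition = (
      can(cidrhost(var.vpc_cidr, 0)) &&
      can(regex("^(10\\.|172\\.(1[6-9]|2[0-9]|3[01])\\.|192\\.168\\.)", var.vpc_cidr))
    )
    error_message = "vpc_cidr must be a valid CIDR inside 10/8, 172.16/12 or 192.168/16."
  }
}

# tests/vpc.tftest.hcl: run with `terraform test` in the module directory
variables {
  vpc_cidr    = "10.0.0.0/16"
  environment = "test"
}

run "applies_cidr_and_tags" {
  command = plan # plan only: nothing is created in the cloud account

  assert {
    condition     = aws_vpc.this.cidr_block == var.vpc_cidr
    error_message = "VPC CIDR block does not match the vpc_cidr input"
  }

  assert {
    condition     = aws_vpc.this.tags["Environment"] == var.environment
    error_message = "Environment tag is missing or wrong"
  }
}

run "rejects_public_cidr" {
  command = plan

  variables {
    vpc_cidr = "8.8.8.0/24"
  }

  # This run passes only if the vpc_cidr validation fails as intended
  expect_failures = [var.vpc_cidr]
}
```

Running these tests in CI before a module version is tagged gives consumers who pin with a constraint such as version = "~> 1.0" some assurance that a new 1.x release still enforces the same input checks; the negative run is what catches a later edit that loosens the validation.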

Workspace Management

  1. Naming Conventions: Implement consistent naming patterns

  2. State Management: Regular state backups and versioning

  3. Variable Sets: Use variable sets for common configurations

  4. Team Structure: Align workspaces with team responsibilities

Sentinel Policy Guidelines

  1. Policy Organization: Group related policies together

  2. Testing: Maintain policy test cases

  3. Documentation: Document policy intentions and exceptions

  4. Governance: Regular policy reviews and updates
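Policy test cases (item 2 above) live beside the policy in test/<policy-name>/ and run with the sentinel test command. The two test files below are an added example, not from the post: they assume a policy file allowed-instance-types.sentinel that filters tfplan.resource_changes for aws_instance resources and exposes a main rule, and they feed it mocked plan data inline so no HCP Terraform run is needed.

```hcl
# test/allowed-instance-types/fail.hcl: an m5.large must make `main` false
mock "tfplan/v2" {
  data = {
    resource_changes = {
      "aws_instance.server" = {
        address = "aws_instance.server"
        mode    = "managed"
        type    = "aws_instance"
        name    = "server"
        change = {
          actions = ["create"]
          after = {
            instance_type = "m5.large" # not in the allowed list
          }
        }
      }
    }
  }
}

test {
  rules = {
    main = false
  }
}

# test/allowed-instance-types/pass.hcl: a t3.small must make `main` true
mock "tfplan/v2" {
  data = {
    resource_changes = {
      "aws_instance.server" = {
        address = "aws_instance.server"
        mode    = "managed"
        type    = "aws_instance"
        name    = "server"
        change = {
          actions = ["create"]
          after = {
            instance_type = "t3.small"
          }
        }
      }
    }
  }
}

test {
  rules = {
    main = true
  }
}
```

sentinel test allowed-instance-types.sentinel evaluates every .hcl file under test/allowed-instance-types/ and reports a failure when a rule's actual result differs from what its rules block expects. Keep one negative case per condition the policy is meant to catch, so that a later edit which silently loosens the rule breaks the test rather than the production guardrail.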

Example Implementation Workflow

# Authenticate the CLI to HCP Terraform, then initialize (fetches private modules)
terraform login
terraform init

# Select workspace
terraform workspace select production

# Plan; Sentinel policies are evaluated as part of the remote run
terraform plan

# Apply (a soft-mandatory policy failure needs an override before this proceeds)
terraform apply

Rohit's Blog