HashiCorp Terraform Review

Creating a VPC and VPN connectivity to the VPC can be automated

How has it helped my organization?

The office was working out of their office and they had around nine clients. The workspace would be in AWS and doing a VPC manually would have been a really hard job. The time estimated for doing nine virtual private clouds would have taken more than a month or two. Using Terraform, they were able to finish it in two weeks. The speed at which we could create the infrastructure was much faster than physically doing it. Also, having an audit and log for all the infrastructure was managed a lot easier using Terraform rather than doing it manually.

What is most valuable?

One of the most valuable features is that it offers the ability to create a VPC, Virtual Private Cloud and VPN connectivity to the VPC can be automated without having to do it manually. 

What needs improvement?

I still struggle a bit when configuring VPNs when we have multiple rules. If we have five or six virtual private clouds and we have to give rights between those multiple VPCs, we can have big problems.  I think it was a learning curve and then we improved it. 

I have not come across anything that really stopped us from not doing anything for our requirement as of now.

What do I think about the stability of the solution?

I liked it because since it's scriptable, the way you create the infrastructure is the same way you can delete the infrastructure also. If you created 10 to 20 different services and objects in AWS using a Terraform script, it's much easier for a person to get the whole infrastructure down. You can do a backup and then you don't really need AWS services because either the client does not exist anymore, or there is some gap before the client comes back, you don't have to manually go and delete all the resources. One script would actually remove everything from AWS. 

Cost-wise, going through the script and then removing everything that you have created through the script is much better than manually doing it. That was helpful for the client as well.

What do I think about the scalability of the solution?

We use it to manage infrastructure. For day-to-day work, the main developers were not using Terraform, so it was only three of us who used it. We were working on Terraform, created those scripts, and then gave it to the client for whom I was doing the work. Since it's now scriptable, they are able to manage and do all these small changes. They don't come back to me. Since they don't come back to me, it seems like it is working fine.

Terraform keeps updating its scriptable platform, the engine through which they communicate. So if there is any change in AWS, they keep updating it. Even from the deployment side, they have to be aware of the features, which Terraform still supports and the features, which Terraform doesn't support and then work around accordingly.

How was the initial setup?

The initial setup, like doing the AWS credentials, putting it in place, and getting the API keys are the parts that took time. Otherwise, it is a lot faster and the learning curve is also much easier since it's a YAML-based scripting language. Even a non-programmer in a normal office can understand what is happening in the flow.

The deployment took around 15 days. In around 20 days we were ready with the Terraform scripts and then made small changes. Every time they need a new infrastructure that requires a small change, it would take a day or two. We created the initial Terraform script and gave it to a client so that it could later be managed by the client itself to create and run. Fifteen days was good enough for us to create and test the Terraform infrastructure and then give it to the client.

We started the deployment by seeing how we would divide the infrastructure. One is the list of infrastructure, which we would need irrespective of the clients for the VPC, VPN gateway, and active directory services. Those are all mandatory items that we would need for all the VPCs. And there are some items that are client-specific. We divided it into multiple parts. One is generic, which you will need for all the clients that are a base level. Then you keep playing the client's specific scripts on top of the base script.

What's my experience with pricing, setup cost, and licensing?

It's open-source.

What other advice do I have?

Rather than doing a monolithic Terraform for the whole infrastructure, it would be good for the script to be reusable. Use the base level script that every infrastructure would need. Generating a local IP network and then creating two instances or creating some databases and other basic scripts that all the infrastructure would need should be a base level script. Then add on your base level script with the add-on scripts on top of the base script to create infrastructure that is specific to clients. You can reuse the script, the same base group for many other purposes as well.

Before using Terraform, for auditing, creating machines, etc, we would either rely on AWS infrastructure itself or documents that had infrastructure-related data. Using Terraform, a lot of this data was captured automatically since it's a YAML script. It could be easily exported as a document or Excel file as well. Documentation and infrastructure was much easier to maintain than doing it otherwise.

I would rate Terraform an eight out of ten. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More HashiCorp Terraform reviews from users
...who compared it with AWS CloudFormation
Learn what your peers think about HashiCorp Terraform. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
512,221 professionals have used our research since 2012.
Add a Comment
ITCS user